niche-research

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses imperative 'CRITICAL' markers and instructions like 'go straight to Step 1' and 'Do not summarise the research method' to bypass the agent's standard conversational transparency and default procedural behavior.
  • [DATA_EXFILTRATION]: The instructions command the agent to navigate to 'https://www.reddit.com/' (home feed) and 'https://x.com/home' (For You feed). This access exposes the user's private social media context, personalized interests, and potentially sensitive account data to the agent's context during the automated scrolling and extraction process.
  • [PROMPT_INJECTION]: The skill presents a significant attack surface for Indirect Prompt Injection (Category 8) by ingesting untrusted content from various external sources.
      • Ingestion points: Public and private feeds on Reddit, threads on X, and arbitrary web pages accessed via Google Search results (Step 2).
      • Boundary markers: Absent. The instructions do not include delimiters or warnings to treat ingested content as data rather than potential instructions.
      • Capability inventory: The skill can read local files ('about-me.md'), prompt the user ('AskUserQuestion'), and control the web browser through high-privilege tools like 'Claude for Chrome' and 'Playwright'.
      • Sanitization: Absent. There is no mention of filtering, validation, or escaping the external content before it is processed into themes or presented in the output table.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 07:06 PM