data-researcher
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines workflows for ingesting data from untrusted external sources, creating a potential surface for indirect prompt injection. * Ingestion points: Processes data from 'Web scraping', 'API exploration', and 'Public datasets' as described in the 'Data discovery' section. * Boundary markers: Lacks explicit delimiters or instructions to treat external data as untrusted content. * Capability inventory: References the use of 'Python/R programming', 'SQL databases', and 'Web scraping' tools. * Sanitization: No data validation or sanitization procedures are specified for external inputs.
- [NO_CODE]: The skill consists entirely of markdown instructions and metadata within the SKILL.md file. No external scripts, binaries, or configuration files were provided for analysis.
Audit Metadata