market-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes user-defined inputs like the MVP topic and target customer. It lacks explicit boundary markers (e.g., delimiters or ignore instructions) to separate this untrusted data from the agent's logic. Evidence:
  1. Ingestion points: MVP topic (MVP 주제), target customer definition (타겟 고객 정의) (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: WebSearch, Sequential MCP, file-write to define/시장조사.md.
  4. Sanitization: Absent.
- [Data Exposure & Exfiltration] (SAFE): No sensitive files (e.g., .ssh, .aws) are accessed, and no hardcoded credentials were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill relies on internal tools (WebSearch) and does not download or execute external scripts or packages.
Audit Metadata