lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill instructs the agent to research leads by searching for company websites, job postings, and news. These external sources are untrusted and could contain hidden malicious instructions designed to manipulate the agent's output or behavior.
  - Ingestion points: External company websites, job boards, news articles, and LinkedIn profiles (Step 3).
  - Boundary markers: None. The instructions do not specify any delimiters or warnings to ignore instructions found within researched content.
  - Capability inventory: Web search and file reading capabilities are used to aggregate data into a final report.
  - Sanitization: No sanitization or validation of the external content is performed before presentation to the user.
- [Data Exposure] (LOW): The skill directs the agent to "analyze the codebase" to understand the product. If run in a repository containing unencrypted secrets (e.g., .env files, API keys, or configuration files), the agent might ingest and inadvertently include this sensitive data in its summary or analysis.
  - Evidence: Step 1 instructions command the agent to analyze the codebase if in a code directory.
  - Mitigation: Users should ensure that sensitive files are excluded from the agent's scope using standard exclusion mechanisms.
Audit Metadata