lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill exhibits a significant attack surface for Indirect Prompt Injection. It is designed to browse external websites, news, and job postings to identify leads. Malicious content on these third-party sites could attempt to override the agent's instructions. Evidence:
  - Ingestion points: Web search results, company websites, and job postings.
  - Boundary markers: Absent; no delimiters or warnings provided to the agent regarding untrusted external data.
  - Capability inventory: File-system read (local codebase) and network-search operations.
  - Sanitization: Absent; no validation or filtering of external content is defined.
- Data Exposure (SAFE): The skill analyzes the user's local codebase to improve lead matching. While this is an intended feature, users should be aware that processing proprietary source code could lead to the exposure of logic or metadata if the agent provides overly detailed summaries in its output.