customer-research
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions and source guides follow industry-standard research methodologies and do not contain any malicious directives, credential harvesting, or unauthorized system access patterns.
- [NO_CODE]: The skill does not include any executable scripts, binaries, or automated installation commands, consisting entirely of markdown documentation and evaluation data.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data, which presents an inherent surface for indirect prompt injection. 1. Ingestion points: Data is gathered from external community forums, review sites, and user-provided transcripts (SKILL.md, references/source-guides.md). 2. Boundary markers: While the skill uses structured extraction and synthesis templates, it does not include explicit delimiters or instructions to ignore commands embedded in the research materials. 3. Capability inventory: The instructions guide the agent's research logic; network and file operations are managed by the host agent's native tools. 4. Sanitization: No specific sanitization or filtering logic for external content is defined within the skill instructions.
Audit Metadata