hr-network-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection via external data sources.
- Ingestion points: Untrusted data enters the agent's context through `WebSearch`, `mcp__firecrawl__firecrawl_search`, and `mcp__brave-search__brave_web_search`, as well as professional APIs (e.g., Semantic Scholar, ArXiv) as described in `references/data-sources.md`.
- Boundary markers: There are no defined delimiters or instructions provided in the skill files to help the agent distinguish between its core instructions and data retrieved from the web.
- Capability inventory: The skill is granted `Write` and `Edit` permissions for local file management and `WebFetch` for network operations.
- Sanitization: No evidence of sanitization, filtering, or validation of the retrieved external content is present in the provided implementation patterns.
- [DATA_EXFILTRATION]: The skill documentation includes patterns for making requests to external data providers.
- Network operations: The reference file `references/data-sources.md` contains Python implementation examples for fetching person and company data from third-party domains including `api.apollo.io`, `clearbit.com`, `nubela.co` (Proxycurl), and `api.peopledatalabs.com`.
- Context: While these operations are directed towards well-known professional data services and are aligned with the skill's purpose of network reconstruction, they involve network communication with non-whitelisted domains using placeholder API keys.