lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): This skill is vulnerable to indirect prompt injection because it ingests and analyzes data from untrusted external sources like company websites, news articles, and job boards.
- Ingestion points: Company websites, LinkedIn profiles, job postings, and news articles (SKILL.md instructions 3 and 5).
- Boundary markers: Absent. The instructions do not include delimiters or warnings to ignore instructions embedded in the external content.
- Capability inventory: The agent has the capability to read local files (codebase analysis) and perform network-based research.
- Sanitization: No sanitization or validation of the external content is specified before it is processed by the LLM.
- [Data Exposure] (LOW): The skill instructions (Step 1) prompt the user to allow the agent to analyze their local codebase to understand the product. While this is the intended functionality, users should be aware that the agent will read local files in the current repository, which might contain sensitive context if not properly managed.
Audit Metadata