lead-research-assistant

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it is instructed to process untrusted data from external sources and local files.
      * Ingestion points: External company websites, job boards, and news articles (SKILL.md).
      * Boundary markers: No delimiters or protective instructions are provided to separate untrusted data from the agent's internal logic.
      * Capability inventory: The skill relies on web search and codebase analysis capabilities.
      * Sanitization: No data sanitization or filtering steps are included in the instructions.
  • [NO_CODE]: The skill is composed entirely of Markdown instructions and lacks any executable scripts, binaries, or configuration files, which mitigates many common attack vectors like remote code execution or persistence.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 06:39 AM