research
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill adheres to a structured five-step workflow that prioritizes observation and context-gathering over decision-making. It restricts network activity to fetching URLs provided by the user or discovered within the codebase, which is consistent with its stated purpose as a research tool.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes data from external sources and the project codebase.
  - Ingestion points: Untrusted data enters the agent context through external URLs (Step 3) and codebase scanning (Step 2).
  - Boundary markers: The skill does not define explicit delimiters or 'ignore instructions' markers to isolate external content from the synthesis logic.
  - Capability inventory: The agent has the capability to write to the local filesystem (Step 4) and perform network fetch operations (Step 3).
  - Sanitization: No specific sanitization or validation of external documentation or codebase comments is described before the content is incorporated into the research artifact.
Audit Metadata