lead-research-assistant

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

Full Analysis

PROMPT_INJECTION
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from external sources such as web search results, job postings, and company websites, which could contain malicious instructions.
      • Ingestion points: Instruction 3 ("Research and Identify Leads") and Instruction 5 ("Gathers relevant information about decision-makers") involve fetching external, attacker-controllable data.
      • Boundary markers: Absent. The instructions do not include delimiters or specific guidance for the agent to ignore instructions embedded in the external research data.
      • Capability inventory: The skill encourages reading the local filesystem (Instruction 1), performing network searches (Instruction 3), and writing files/CSV (Instruction 7).
      • Sanitization: No sanitization or validation of external content is specified.
  • [Data Exposure & Exfiltration] (SAFE): The skill instructions prompt the agent to analyze the local codebase to understand the product's value proposition.
      • Evidence: "If in a code directory, analyze the codebase to understand the product" (Instruction 1).
      • Context: This is a core functionality for the stated purpose. While reading a repository could lead to the exposure of hardcoded secrets or .env files if they are not ignored, there is no evidence of instructions to exfiltrate this data to an external server.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:00 PM