faion-user-researcher
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted external data, creating a surface for indirect prompt injection attacks.
- Ingestion points: The skill explicitly instructs the agent to check and analyze external data sources including
.aidocs/product_docs/interview-notes/, support tickets, customer reviews, and web-searched content (as defined inSKILL.mdandpain-point-research/README.md). - Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are implemented in the templates to differentiate between instruction and data.
- Capability inventory: The skill allows the use of
WebSearch,WebFetch,Read, andWritetools, which could be leveraged to exfiltrate processed data if a malicious instruction is encountered in a research source. - Sanitization: No sanitization or validation logic is defined for the external content before it is interpolated into the agent's context.
Audit Metadata