startup-positioning
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's research functionality creates a surface for indirect prompt injection.
  - Ingestion points: In Phase 2, the agent is instructed to perform web searches for voice-of-customer data and competitor information on sites like Reddit and G2.
  - Boundary markers: The skill lacks explicit delimiters or instructions to treat external research data as non-authoritative content when synthesizing positioning results.
  - Capability inventory: The agent has the ability to write multiple files to the local project directory and spawn parallel agents.
  - Sanitization: There is no mechanism described for sanitizing or filtering external content to prevent the execution of malicious instructions embedded in researched materials.