lead-research-assistant
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill relies on external web data (search results, job postings, company news) to qualify leads.
  * Ingestion points: External web content and search engine results extracted during lead research (File: SKILL.md).
  * Boundary markers: Absent. No instructions are provided to the agent to ignore embedded commands in the data it finds.
  * Capability inventory: Web searching, local file reading (codebase analysis), and drafting outreach strategies (File: SKILL.md).
  * Sanitization: Absent. Adversaries could embed malicious instructions in their public-facing web content to manipulate the lead scoring or outreach strategies generated by the agent.
- [Data Exposure] (LOW): The skill instructs the agent to analyze the user's codebase to understand the product context. This creates a risk where internal intellectual property is processed and potentially included in queries sent to external search engines or data enrichment services during the lead research process.