lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it is designed to ingest and process data from untrusted sources.
- Ingestion points: The skill explicitly instructs the agent to analyze the user's local repository/codebase and perform web searches to identify companies and leads.
- Boundary markers: Absent. There are no instructions provided to the agent on how to distinguish between its internal logic and potentially malicious instructions embedded in the code files or web pages it processes.
- Capability inventory: The skill implies the agent has access to tools for reading the filesystem (
read_file), performing web searches, and potentially writing files (suggested by the 'Offer next steps' section mentioning CSV export). - Sanitization: Absent. There are no guidelines for the agent to filter or sanitize the information it retrieves from external sources before incorporating it into its decision-making process.
- Data Exfiltration (LOW): While no malicious exfiltration code is present, the 'analyze your codebase' feature creates a data exposure surface. Sensitive information (secrets, proprietary logic) stored in the repository could be included in the context sent to the LLM or reflected in search queries generated by the agent during lead research.
- No Code (SAFE): The skill is entirely declarative (Markdown). It does not distribute any executable binaries, Python scripts, or Node.js dependencies, significantly reducing the risk of traditional malware or RCE.
Audit Metadata