community-pulse
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill package consists exclusively of Markdown documentation, configuration files, and report templates. There are no executable scripts (Python, JavaScript, or Bash) or binary files included.
- [EXTERNAL_DOWNLOADS]: The skill utilizes Exa's search and deep research capabilities to fetch community feedback from the web. This is a core functionality that leverages a well-known service provider to aggregate external data.
- [PROMPT_INJECTION]: The skill involves processing untrusted data from external web sources (blogs, forums, and social media) as defined in
SKILL.md. This represents a surface for indirect prompt injection. - Ingestion points: External content retrieved via Exa search queries defined in
references/exa-queries.md. - Boundary markers: Not explicitly defined in the prompts to distinguish between instructions and fetched data.
- Capability inventory: No dangerous tools or actions (such as file system writes, shell execution, or credential access) are present in the skill files.
- Sanitization: None; however, because the skill lacks executable capabilities, the risk of exploitation is negligible.
Audit Metadata