tw-research-hypothesis-generator
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to ingest untrusted data from multiple sources which could theoretically contain instructions to override the agent's behavior.
- Ingestion points: User-provided research questions or literature review gaps (Step 2) and external content retrieved via the WebSearch tool (Step 3).
- Boundary markers: The instructions do not define explicit delimiters (e.g., XML tags or Markdown blocks with warnings) to isolate external content from the system instructions.
- Capability inventory: The skill is granted access to powerful tools including Bash (for command execution) and Write (for file system modification).
- Sanitization: No explicit sanitization, filtering, or validation of the ingested research data or search results is mentioned before the data is interpolated into the reasoning process.
Audit Metadata