startup-idea-validator
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses curl to retrieve JSON data from Reddit's public API and other search engines. This command execution is necessary for the skill's core functionality of idea discovery.
- [PROMPT_INJECTION]: The skill processes untrusted external data from sources such as Reddit posts and web search results, creating a surface for indirect prompt injection.
  - Ingestion points: Data is sourced from the Reddit JSON API, Hacker News, Product Hunt, and general web searches as described in SKILL.md.
  - Boundary markers: There are no explicit instructions to use delimiters or ignore instructions embedded within the sourced data.
  - Capability inventory: The orchestrator agent can execute network requests (curl) and spawn sub-agents for analysis.
  - Sanitization: The skill lacks explicit sanitization or validation logic to filter out potentially malicious instructions from the external content before it is processed by the analysis agents.
Audit Metadata