data-research
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to process highly sensitive information, including investor updates (MRR, burn rate, runway) and personal/company expense reports. While the archiving tools (put_raw_data, file_upload) are intended for structured storage, the aggregation of this data creates a sensitive surface area that could be targeted for exfiltration.
- [PROMPT_INJECTION]: The skill processes untrusted data from various external sources, making it vulnerable to indirect prompt injection.
  - Ingestion points: Phase 2 (Email via credential gateway, Web search results, APIs, Attachments).
  - Boundary markers: Absent; the skill does not define delimiters or specific instructions to ignore embedded commands in the source data.
  - Capability inventory: put_page, put_raw_data, file_upload, and add_timeline_entry (SKILL.md).
  - Sanitization: Absent; the process relies on regex and LLM extraction but does not explicitly filter for malicious instructions within the source content.
- [COMMAND_EXECUTION]: The skill references the 'gbrain research init' command-line utility for scaffolding new research recipes. This is a vendor-provided tool from the author (garrytan) and should be monitored for unexpected behavior.
Audit Metadata