niche-signal-discovery
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill processes untrusted website content and job listings to identify business signals. While this introduces a potential surface for indirect prompt injection, it is the primary intended use case and does not involve risky capabilities.
- Ingestion points: External data enters the context from exa_search and crustdata results stored in CSV files.
- Boundary markers: Not explicitly defined in instructions, but data is processed deterministically by a script.
- Capability inventory: Limited to executing the local analyze_signals.py script and performing standard web searches.
- Sanitization: The analysis script performs substring matching and snippet extraction.
- [SAFE]: The Python analysis script (scripts/analyze_signals.py) is verified to use only standard libraries (csv, json, sys, re, argparse, collections) and contains no network-reaching or dynamic code execution functions.
- [SAFE]: No obfuscated URLs, hardcoded credentials, or malicious persistence mechanisms were identified across the skill files.
Audit Metadata