lead-research-assistant

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from external sources such as company websites, job postings, and news articles to identify leads.
      1. Ingestion points: Web search results and external site content mentioned in 'Research and Identify Leads'.
      2. Boundary markers: Absent.
      3. Capability inventory: Web searching and file reading.
      4. Sanitization: None mentioned.
  • [DATA_EXFILTRATION] (LOW): The instruction to 'analyze the codebase' to understand the product logic creates a risk of sensitive data exposure (Category 2). Without explicit exclusion of sensitive files like .env, .git/config, or SSH keys, the agent may inadvertently read and process credentials while performing its primary task.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM