research-assistant
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: This skill consists solely of markdown instructions and metadata (SKILL.md). It does not ship with any Python scripts, Node.js modules, or binary executables.
- [SAFE]: No malicious patterns such as direct prompt injection, data exfiltration, or obfuscation were found. The skill serves its stated purpose of organizing research workflows without requesting elevated privileges or making external connections.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection, which is inherent to its primary function of processing external data.
- Ingestion points: Reads all notes and content identified during search in the user's vault (SKILL.md).
- Boundary markers: Absent; the skill does not explicitly instruct the agent to treat note content as data only or to ignore instructions found within notes.
- Capability inventory: Restricted to searching and reading local vault files; no network access, file write, or subprocess execution capabilities are defined in the skill content.
- Sanitization: No sanitization or filtering of note content is instructed before synthesis.
Audit Metadata