research-analyst-system
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the architectural descriptions or configuration files.- [NO_CODE]: The skill package contains only documentation and metadata; no executable scripts or logic are included.- [DATA_EXFILTRATION]: The skill describes saving reports to a local directory, which is a benign and expected behavior for a research tool.- [PROMPT_INJECTION]: Analysis of the indirect prompt injection surface (Category 8):
- Ingestion points: The workflow specifies that researchers read project-related materials and use search tools like WebSearch and metaso (SKILL.md).
- Boundary markers: There are no explicit instructions or delimiters provided to mitigate the risk of instructions embedded in external content.
- Capability inventory: The system's capabilities are limited to reading data and writing structured reports to the local file system.
- Sanitization: No methods for sanitizing or validating external input are defined in the provided files.
Audit Metadata