icp-research
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface (Category 8) by fetching untrusted data from platforms like Reddit, Twitter, and G2 to populate its research artifacts.
  - Ingestion points: Data enters the system via the WebSearch and WebFetch tools used by the VoC Collector Agent and Habitat Agent (e.g., in agents/voc-collector-agent.md).
  - Boundary markers: The system employs structured Markdown templates for all agent outputs and uses an orchestrator to curate content passed between agents.
  - Capability inventory: The skill has access to Bash, WebSearch, and WebFetch tools and processes sensitive business data from research/product-context.md.
  - Sanitization: The Critic Agent (agents/critic-agent.md) performs mandatory validation, checking for AI-generated or unattributed quotes.
- [COMMAND_EXECUTION]: The skill contains a bash script (scripts/search-platforms.sh) that generates search queries based on user-supplied topics. While the script currently only performs string output, it represents a surface where user-provided strings are processed in a shell environment.
Audit Metadata