market-research-reports
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool and Python's subprocess module to perform document compilation and visual generation. Evidence: SKILL.md provides instructions for executing xelatex and bibtex. The scripts/generate_market_visuals.py script uses subprocess.run to call auxiliary scripts for creating charts and diagrams.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection by processing data from external sources. Evidence: 1. Ingestion points: Research data is gathered from external sources via the research-lookup tool. 2. Boundary markers: The skill does not implement delimiters or safety instructions to prevent the agent from following commands embedded in the research data. 3. Capability inventory: The skill has access to shell execution for LaTeX processing and visual generation. 4. Sanitization: There is no evidence of sanitization or escaping of the ingested research data before it is included in LaTeX files or visual generation prompts.
Audit Metadata