discover-opportunities
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill is entirely composed of Markdown-based instructions and a JSON metadata file. It does not include any scripts, binaries, or code that could execute on a host system.
- [SAFE]: The skill does not perform any network requests, file system modifications (outside of its own directory), or credential handling. It is a pure prompt-based extension for an AI agent.
- [INDIRECT_PROMPT_INJECTION]: The skill defines several input fields for user-provided data (e.g., 'Target user', 'Trigger and context') that are interpolated into opportunity statements. While this represents a surface for indirect prompt injection, the skill lacks any 'capabilities' (such as shell access or API calls) that could be exploited by such an injection. The lack of boundary markers is noted but does not escalate the risk in this context.
Audit Metadata