koriigami-topic-research

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted external data during its research phase and incorporates it into a local markdown file.
      • Ingestion points: Web search results, industry reports, and 'trending conversations' (Step 2).
      • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore embedded instructions within the researched content.
      • Capability inventory: File system write access (Step 4) and user interaction via the AskUserQuestion tool.
      • Sanitization: Absent. Data from external sources is interpolated directly into the output rationales and content gap analysis.
      • Multi-step chain risk: The output is designed to be used by the /koriigami-write-article skill. A malicious actor could host content that, when researched, injects instructions into the generated topic list to compromise the behavior of the subsequent writing skill.
  • [Data Exposure & Exfiltration] (LOW): The skill writes output directly to the local filesystem. While this is its primary function, the persistence of unsanitized data from external sources onto a local machine is a minor security concern (Category 2).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 11:52 AM