company-research
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill processes untrusted external data (reviews and news), which could contain malicious instructions. While the multi-agent checker pattern mitigates factual errors, the skill lacks explicit defenses against embedded instructions.
  - Ingestion points: SKILL.md (Step 8 for customer/employee reviews and Step 14 for M&A news).
  - Boundary markers: Absent. No delimiters or instructions to disregard embedded commands are specified for the gathered content.
  - Capability inventory: SKILL.md (web_search, write_file, and subagent spawning via Task).
  - Sanitization: Absent. The skill does not describe methods to sanitize or escape ingested text before synthesis.
Audit Metadata