customer-discovery
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW (PROMPT_INJECTION, NO_CODE)
Full Analysis
- Indirect Prompt Injection (INFO):
  1. Ingestion points: Untrusted external content from Reddit, forums, and search results (SKILL.md).
  2. Boundary markers: Absent; there are no instructions for the agent to ignore commands embedded within the fetched data.
  3. Capability inventory: Display and text generation only; the skill does not use subprocesses, file-write operations, or network tools beyond the agent's built-in search.
  4. Sanitization: Absent. The risk is minimal because the agent lacks high-privilege capabilities to act upon malicious instructions.
- Prompt Injection (SAFE): No instructions designed to override safety filters, bypass constraints, or extract system prompts were found.
- Data Exposure & Exfiltration (SAFE): No access to sensitive local files (e.g., SSH keys, AWS credentials) and no hardcoded secrets were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill consists entirely of markdown instructions and contains no code, script downloads, or package installations.
Audit Metadata