research-compound
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from documentation files and uses that information to influence its research behavior and file editing tasks.
- Ingestion points: AGENTS.md files located within the project repository are read to extract context and conventions.
- Boundary markers: The skill instructions do not include markers to delimit external content or warnings to ignore potential instructions embedded within the documentation files.
- Capability inventory: The agent has access to Read, Glob, and Edit tools, enabling it to modify repository files based on the context it retrieves.
- Sanitization: There is no evidence of sanitization or validation logic to ensure that the content read from documentation does not contain malicious instructions.
Audit Metadata