resonance-researcher

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection due to its core investigative workflow.
      • Ingestion points: The agent uses browser_subagent to read external documentation (llms.txt) and web content.
      • Boundary markers: Absent; there are no instructions provided to treat external content as untrusted or to use delimiters.
      • Capability inventory: The agent has high-privilege access to run_command, write_file, and edit_file.
      • Sanitization: Absent; the skill explicitly mandates that the agent verify findings by executing the discovered code (SKILL.md), which is a classic vector for indirect prompt injection.
  • [Command Execution] (SAFE): The availability of the run_command tool is consistent with the skill's purpose as a technical researcher. No pre-defined malicious commands or suspicious networking patterns were found in the static instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:40 PM