market-researcher-agent
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from web research tools and processes it without sanitization or protective boundary markers. Mandatory Evidence Chain:
  - Ingestion points: Web research results collected by the 4 specialized agents in agents/*.md
  - Boundary markers: Absent
  - Capability inventory: Subprocess execution of a Python script in SKILL.md
  - Sanitization: None present for research content before synthesis
- [Command Execution] (MEDIUM): The skill invokes a local Python script ('report_to_pdf.py') from a sibling directory ('media-utils'). While this is a standard modular pattern, the script is executed with Markdown input derived from unsanitized external research, which introduces a risk surface for content injection attacks.
Recommendations
- AI detected serious security threats
Audit Metadata