market-analyst
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The reference file
market-researcher.mddefines an agent role that utilizes the Bash tool. This allows the execution of shell commands for data processing and analysis within the workspace.- [EXTERNAL_DOWNLOADS]: The skill performs web searches and downloads data from official South Korean platforms, including DART (Financial Supervisory Service), KOSIS (Statistics Korea), and KITA (Korea International Trade Association). These are legitimate and well-known sources for the skill's domain.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it retrieves and processes untrusted content from the web. - Ingestion points: Data enters the system via unrestricted web searches and specialized data portals as described in
market-researcher.md. - Boundary markers: The instructions lack specific delimiters or 'ignore embedded instructions' warnings when handling text from external sources.
- Capability inventory: The skill possesses file-write capabilities in the
_workspace/directory and general Bash execution. - Sanitization: No sanitization or validation of the retrieved web content is performed before it is integrated into the analysis process.
Audit Metadata