lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from a user's local codebase to generate business insights, creating an indirect prompt injection surface.
  1. Ingestion points: Local repository files analyzed by the agent (SKILL.md).
  2. Boundary markers: Absent; the skill does not instruct the agent to ignore or delimit embedded instructions within the codebase.
  3. Capability inventory: File system read access (to analyze the repo) and web search functionality (for lead enrichment).
  4. Sanitization: Absent; no specific validation or escaping of ingested codebase content is defined in the instructions.
Audit Metadata