lead-research-assistant

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting untrusted data.
  • Ingestion points: The skill reads local files from the user's codebase (Instruction 1) and retrieves data from external web searches, including job postings and news (Instruction 3).
  • Boundary markers: There are no instructions defining delimiters or protective wrappers to prevent the agent from executing instructions found within the processed data.
  • Capability inventory: The skill possesses the capability to read local files and perform network searches.
  • Sanitization: No sanitization or validation logic is specified for the external or local content being processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 05:29 PM