market-research

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It aggregates data from external sources (Grok API, Yahoo Finance) and asks the agent to provide supplemental analysis without using delimiters.
      • Ingestion points: Output from run_research.py is processed by the agent.
      • Boundary markers: None present to separate instructions from tool output.
      • Capability inventory: Access to Bash(python3 *) execution as defined in SKILL.md.
      • Sanitization: No evidence of sanitization of API responses before the agent processes the content.
  • [COMMAND_EXECUTION]: The script run_research.py dynamically modifies the Python path using sys.path.insert with computed relative paths to load local modules from the parent project structure. Additionally, the SKILL.md file contains a hardcoded absolute path (/Users/kikuchihiroyuki/...) to the script location, revealing the local system username.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 06:22 PM