prospect-researcher
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill systematically crawls untrusted external sources (job postings, LinkedIn, blogs, and news) and incorporates this data into high-influence outputs like 'Engagement Recommendations' and 'Suggested Openers'.
- Ingestion points: Web search results for company intel, recent news, job postings, and LinkedIn activity (SKILL.md, Steps 1-4).
- Boundary markers: Absent. The instructions do not define delimiters for external data or warn the agent to ignore instructions embedded in the search results.
- Capability inventory: The agent performs reasoning to 'Qualify' leads (Hot/Warm/Cold) and 'Suggest Openers'. Malicious content on a target's website or social profile could manipulate these scores or trick the agent into generating a malicious 'opener' that the user might blindly follow.
- Sanitization: None provided. The skill relies on 'publicly available information' but does not filter for instructional content hidden within that data.
- [Remote Instruction Fetching] (MEDIUM): The skill directs the user/agent to 'https://afrexai-cto.github.io/context-packs' for additional instructions (ICP profiles). This is an untrusted external source providing logic that governs how the agent should behave, bypassing local review.
Recommendations
- AI detected serious security threats