report-findings
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill consists of guidelines for multi-source research and synthesis. No patterns for bypassing safety filters, ignoring instructions, or extracting system prompts were found.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or network activity (like curl or fetch) are present in the documentation or templates.
- Remote Code Execution & Dependencies (SAFE): No package installations (pip, npm) or remote script executions were detected. The skill contains only Markdown files.
- Indirect Prompt Injection (SAFE): While the skill's purpose is to process external research data, it mandates defensive behaviors. Ingestion points: Research sources described in SKILL.md; Boundary markers: Markdown headers in output-template.md; Capability inventory: None (no code or tool calls included); Sanitization: Source authority assessment criteria in source-tiers.md.
Audit Metadata