skills/outfitter-dev/agents/research/Gen Agent Trust Hub

research

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface. The skill workflow involves processing untrusted data from external sources. Evidence Chain:
      1. Ingestion points: Discovery workflows in references/discovery-patterns.md utilize firecrawl.search and octocode.githubSearchIssues to retrieve external data.
      2. Boundary markers: The instructions lack explicit delimiters or specific warnings for the agent to ignore instructions embedded within retrieved content.
      3. Capability inventory: Tools are limited to research functions (context7, octocode, firecrawl); no high-risk capabilities like file system writing or arbitrary code execution are defined within this skill.
      4. Sanitization: No content sanitization or filtering logic is described.
  • [DATA_EXFILTRATION] (SAFE): No sensitive file access (e.g., SSH keys, env files) or hardcoded credentials were detected.
  • [NO_CODE] (SAFE): The skill consists entirely of Markdown documentation and logic instructions; no executable scripts, binaries, or source code for runtime compilation are provided.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:14 PM