lead-research-assistant
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection. The skill processes external web content and local repository files. Attackers can embed malicious instructions in these sources to hijack agent logic.
- [DATA_EXFILTRATION] (HIGH): Risk of codebase exfiltration. By combining codebase analysis with web search and data enrichment capabilities, an attacker could use indirect injection to force the agent to send sensitive code or secrets to an external domain.
- [INDIRECT_PROMPT_INJECTION_SURFACE] (HIGH): Mandatory Evidence Chain:
  1. Ingestion points: External websites and local codebase (SKILL.md Instructions 1, 3).
  2. Boundary markers: Absent.
  3. Capability inventory: File system read (codebase) and network access (search).
  4. Sanitization: Absent.
- [NO_CODE] (LOW): The skill consists entirely of natural language instructions without accompanying scripts.
Recommendations
- AI detected serious security threats
Audit Metadata