data-sleuth
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No-Code Skill (SAFE): The file SKILL.md contains only markdown instructions and metadata. There are no scripts, binaries, or references to external code execution.
- Indirect Prompt Injection (SAFE): The skill is designed to ingest and analyze untrusted external data (e.g., social media exports), which is a surface for indirect prompt injection. However, the severity is minimal because the skill lacks capabilities that an attacker could exploit (such as file-system writes or network exfiltration).
- Ingestion points: User-provided datasets identified in the 'Data Reconnaissance' section.
- Boundary markers: Absent; the instructions do not define delimiters to separate user data from system instructions.
- Capability inventory: Limited to analytical reasoning and the use of the 'AskUserQuestion' tool.
- Sanitization: Absent; the skill relies on the model's baseline safety filters.
Audit Metadata