research-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to fetch and process untrusted data from the web, which creates a surface for indirect instructions to influence the agent's planning logic.
- Ingestion points: User-provided research topics and content retrieved from external websites via the
WebFetchandWebSearchtools. - Boundary markers: Absent. The workflow instructions do not define clear delimiters or "ignore embedded instructions" warnings when passing data to the
research-methodologyskill or generating the task list. - Capability inventory: The skill can write to the local file system (
research-tasks.md), manage persistent tasks, and trigger other skills. - Sanitization: The instructions do not specify any sanitization, filtering, or validation steps for content fetched from the web before it is incorporated into the project plan.
Audit Metadata