lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from WebSearch snippets and WebFetch results from various company websites, creating a vulnerability surface for indirect prompt injection.
  * Ingestion points: Data enters the agent's context through web search results and fetched website text as described in the browser scraping guide.
  * Boundary markers: There are no explicit instructions or delimiters defined to isolate external content or prevent the agent from following instructions found within it.
  * Capability inventory: The skill has the capability to write files and execute shell commands for directory management.
  * Sanitization: The skill does not implement validation or escaping of the web-sourced data before processing it for scoring or inclusion in reports.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage the local file system and generate output.
  * Evidence: Instructions in the main skill file specify the use of `mkdir -p` to create output directories.
  * Evidence: The export templates documentation suggests the use of `bash` heredocs to create CSV and Markdown files, which involves executing code with data derived from external sources.
Audit Metadata