lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted external data from web searches, job postings, and news articles as part of its lead research process.
- Ingestion points: External data enters the agent context during Step 3 ("Research and Identify Leads") via web searches and company website analysis.
- Boundary markers: Absent. The instructions do not include delimiters or warnings to the agent to ignore instructions embedded within the researched external content.
- Capability inventory: The agent utilizes file-read capabilities (to analyze local codebases in Step 1) and web-read/search capabilities.
- Sanitization: No sanitization or validation of external content is specified.
- [Data Exposure] (SAFE): The skill encourages users to run the agent against their local codebase to understand the product (Step 1). While this is a functional feature for providing business context, it presents a potential data exposure surface if the repository contains hardcoded secrets or sensitive proprietary logic that the agent might include in its summarized output.
Audit Metadata