product-specialist
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
NO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to instructions embedded in external data.
- Ingestion points: Untrusted data enters the agent context through 'Trend Researcher' (TikTok, App Store, social media) and 'Search Specialist' (web search operators and multi-source verification).
- Boundary markers: None provided in the instructions to help the agent distinguish between data to be analyzed and instructions to be followed.
- Capability inventory: The agent has access to 'Payment Integration' (handling Stripe/PayPal/Webhooks) and 'Quant Analyst' (developing trading algorithms and financial models), which are high-value targets for an attacker.
- Sanitization: No sanitization or filtering of external research content is mentioned.
- [No Code] (INFO): The analyzed file is purely descriptive markdown and does not contain executable shell commands or scripts. However, it defines an operational framework for other components that likely contain such logic.
Recommendations
- AI detected serious security threats
Audit Metadata