NYC

prospect-investigation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest data from external and untrusted sources, which could contain malicious instructions intended to subvert the agent's behavior.
    • Ingestion points: Instruction 1 ('analyze the codebase to understand the product') and Instruction 3 ('Search for companies... news') in SKILL.md.
    • Boundary markers: Absent. The skill does not provide delimiters or instructions for the agent to ignore potentially malicious content within the files or websites it reads.
    • Capability inventory: The skill relies on file-reading capabilities (to analyze the repository) and web search/scraping capabilities (to research prospects).
    • Sanitization: Absent. There is no mention of sanitizing or escaping the data retrieved from external sources before it is processed by the LLM.
  • [Data Exposure] (LOW): The instruction to 'analyze the codebase' presents a minor risk of the agent inadvertently reading and exposing sensitive configuration files (e.g., .env, secrets) to the prompt context if the repository contains them, though no specific sensitive paths are explicitly targeted in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:46 PM