lead-research-assistant
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted external data from web searches, job postings, and news articles to enrich lead data. There are no boundary markers or sanitization instructions, allowing malicious external content to influence agent behavior. (Ingestion points: SKILL.md Instructions 1 & 3; Boundary markers: Absent; Capability inventory: Filesystem access for codebase analysis and Network access for web research; Sanitization: Absent).
- [Data Exposure & Exfiltration] (MEDIUM): The skill instructs the agent to 'analyze the codebase' to understand a product. This broad access may ingest sensitive files such as .env, secrets, or proprietary logic. Because the agent subsequently performs external research, there is a risk of data leakage or exfiltration of this sensitive context to third-party search engines or APIs.
- [Command Execution] (LOW): The requirement to 'analyze the codebase' implies the use of file system tools or search utilities. While standard for this task, this increases the attack surface if the agent's command parameters are influenced by malicious instructions found within the code being analyzed.
Recommendations
- AI detected serious security threats
Audit Metadata