best-practices-researcher
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected due to ingestion of untrusted external and local data.
- Ingestion points: The skill reads `SKILL.md` files from multiple locations including `~/.claude/skills/**/` and fetches online documentation via the `Context7` MCP.
- Boundary markers: Absent. The instructions do not specify using delimiters or explicit warnings to ignore instructions embedded within the fetched research material.
- Capability inventory: The agent has capabilities to read local files (via Glob) and access network resources (via MCP).
- Sanitization: None. The content is summarized and synthesized directly into the agent's output context.
- [DATA_EXFILTRATION] (SAFE): While the skill reads local files, it is specifically restricted to `SKILL.md` files within defined skill directories. This is consistent with its primary purpose and does not target sensitive user data like credentials or SSH keys.