signal-sourcer
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious code or suspicious command execution was found. The skill consists entirely of Markdown files used for instructional purposes and strategic guidance.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill includes instructions for the agent to ingest and analyze untrusted external data, such as LinkedIn comments and G2 reviews. While this constitutes an attack surface, the skill lacks the computational capabilities (e.g., file system writes, network requests, or subprocess execution) required to escalate an injection into a significant security breach. Evidence found in
competitor-signals/SKILL.md(G2 scraping) andcontent-engagement/SKILL.md(LinkedIn monitoring).
Audit Metadata