b2b-research-agent
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external data.
  - Ingestion points: The agent context receives untrusted data during web research of LinkedIn profiles, company websites, and news sources as described in Path A and B workflows (File: SKILL.md).
  - Boundary markers: Absent; there are no specific instructions to delimit or ignore instructions contained within external data.
  - Capability inventory: The agent has the capability to perform web searches and write data to the local file system in the form of HTML reports, JSON state files, and session logs (File: SKILL.md).
  - Sanitization: Absent; the skill does not specify validation or filtering of retrieved web content before processing or interpolation.
- [COMMAND_EXECUTION]: The agent is tasked with extensive file system operations to manage its state and deliverables.
  - Evidence: Instructions in SKILL.md (Context Orchestration Protocol) direct the agent to read and write JSON state, session logs, and HTML/Markdown reports within a structured .beam/ directory to maintain long-running engagement context.
- [EXTERNAL_DOWNLOADS]: HTML templates reference assets from well-known technology services.
  - Evidence: Files in the references directory (report-template.html, engagement-timeline-template.html) load Font Awesome icons and Google Fonts from established CDNs.
Audit Metadata