research-notebook
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines a surface for ingesting untrusted data via the 'SOURCE' and 'FINDING' methods.
  - Ingestion points: External data enters the agent context through research source descriptions and findings documented in 'NOTEBOOK.yml'.
  - Boundary markers: The skill uses YAML templating (NOTEBOOK.yml.tmpl) to provide structural delimiters for data fields.
  - Capability inventory: Limited to 'read_file' and 'write_file' for local data management.
  - Sanitization: None explicitly defined, but the data is stored as flat documentation and not used to drive secondary tool execution.
- [Metadata Poisoning] (SAFE): The 'skill-snitch-report.md' file contains self-authored safety claims ('Risk Level: ZERO') and a pre-determined verdict. Per security protocols, these claims are treated as data for evaluation rather than authoritative conclusions.