company-research
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of processing untrusted external data.
  - Ingestion points: External data enters the agent context via Exa search results, including company metadata, news articles, and social media posts (tweets).
  - Boundary markers: The skill instructions do not define clear delimiters or specific instructions for the agent to ignore potentially malicious commands embedded in search results.
  - Capability inventory: The skill possesses significant capabilities, including spawning task agents and performing browser automation via a Chrome fallback mechanism.
  - Sanitization: No sanitization, filtering, or validation logic is specified for the external content before it is processed by the LLM.
  - Mitigating Factor: The 'Token Isolation' instruction acts as a partial architectural defense by confining untrusted data processing to isolated sub-agents, preventing the main context from direct exposure.
Audit Metadata