Company Research Report
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security vulnerabilities, malicious code, or suspicious patterns were found within the provided skill files. All operations are descriptive and intended for information gathering.\n- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it ingests untrusted content from external websites during the research phase. However, the risk is classified as safe because the skill does not possess capabilities (such as code execution, file writing, or credential access) that would allow for exploitation beyond the content of the generated report.\n
- Ingestion points: Web search results and external URLs visited in Phase 1 and Phase 2 of the methodology (SKILL.md).\n
- Boundary markers: The instructions include a strict 'Report Format' and 'Output Contract' to structure the response, but no explicit delimiters are used to wrap or sanitize external content.\n
- Capability inventory: The skill only requires the
web_searchcapability; no high-risk capabilities like subprocess execution or local file access are utilized.\n - Sanitization: No validation or filtering of external website content is implemented before the synthesis of the final report.
Audit Metadata