lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): This skill has an attack surface for indirect prompt injection as it is designed to ingest and process untrusted data from external sources and local files.
  - Ingestion points: The skill instructions specify searching external websites for job postings, news, and company information, as well as analyzing the user's local codebase (SKILL.md, Step 1 & 3).
  - Boundary markers: There are no explicit instructions or delimiters used to warn the agent to ignore instructions embedded within the codebase or retrieved web content.
  - Capability inventory: The agent performs web searches and reads local files to extract business context.
  - Sanitization: No sanitization or validation of the retrieved content is mentioned in the instructions.