lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill workflow requires the agent to analyze untrusted data from the web (such as news, job postings, and company websites) and local codebases. This creates a surface for indirect prompt injection where malicious instructions embedded in external content could influence the agent's behavior.
  - Ingestion points: Local codebase (Step 1) and external web research (Step 3).
  - Boundary markers: Absent; the instructions do not include delimiters or warnings to ignore embedded instructions in the ingested data.
  - Capability inventory: The skill implies the use of web search and local file reading tools.
  - Sanitization: Absent; there are no instructions to sanitize or validate the external content before it is processed by the LLM.
- [Data Exposure] (LOW): The instruction to analyze the user's codebase for product context may lead to the unintended disclosure of sensitive information if the agent includes internal comments, architectural secrets, or hardcoded metadata in its lead reports.
Audit Metadata