research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE] (INFO): The skill defines behavior through natural language only. There are no scripts, binaries, or configuration files that execute commands or manage external dependencies.\n- [Indirect Prompt Injection] (INFO): This skill has an ingestion surface for untrusted external data (research topics) which could contain malicious instructions. However, because the skill lacks code execution or data exfiltration capabilities, the risk is negligible.\n
- Ingestion points: SKILL.md (Research question, context inputs)\n
- Boundary markers: Absent (No delimiters or safety warnings are used to separate untrusted research data from instructions)\n
- Capability inventory: None (No subprocess, network, or file-write capabilities were identified across the skill)\n
- Sanitization: Absent (No validation or escaping of external content is performed)
Audit Metadata