market-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential indirect prompt injection surface because it ingests untrusted data from the user and integrates it into tool-based search queries.
- Ingestion points: User-provided business descriptions, product details, and category names are collected via conversation or read from files in
brand-memory/andresearch-memory/. - Boundary markers: There are no explicit delimiters or instructions (e.g., "ignore embedded instructions") surrounding the user input when it is interpolated into the query patterns for the
perplexity_reasonandperplexity_asktools. - Capability inventory: The skill can execute file read/write operations on the local system (within
research-memory/) and perform external lookups via the Perplexity MCP tools. - Sanitization: No evidence of input validation, escaping, or sanitization of user-provided content was found before it is used to generate queries.
Audit Metadata