research-digest

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function involves the ingestion and synthesis of untrusted data from external sources such as RSS feeds, social media, and web search results. This surface allows potentially malicious instructions embedded in researched content to influence the agent's subsequent actions.
  • Ingestion points: RSS feeds, web search results, and social media platforms (Reddit, Twitter/X, LinkedIn) as specified in the Source Collection section of SKILL.md and search templates in REFERENCE.md.
  • Boundary markers: Absent; the skill does not instruct the agent to use delimiters or specific ignore-instructions logic for the content it retrieves.
  • Capability inventory: The skill defines a workflow for the agent and does not include independent scripts with file-write or subprocess execution capabilities, relying instead on the agent's built-in research tools.
  • Sanitization: Absent; no validation or sanitization steps are defined for the content retrieved from external sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 06:55 PM