lead-research-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources and the local environment. Ingestion points: The skill reads web search results for company signals and local codebase files for product understanding. Boundary markers: The instructions do not define delimiters or warnings to ignore embedded instructions in the ingested data. Capability inventory: The agent utilizes web search and local file access capabilities. Sanitization: No escaping or validation of external content is specified.
- No Code (SAFE): The skill consists only of a markdown configuration file and does not include any scripts, binaries, or configuration files that could execute commands.
Audit Metadata