tech-stack-detective

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from several untrusted external sources, including LinkedIn job listings, company homepages, and search results. This architecture is vulnerable to indirect prompt injection, where an attacker could place malicious instructions within these public signals to influence the agent's summary or behavior.
      • Ingestion points: Step 2 parallel research phase (SKILL.md).
      • Boundary markers: The skill uses specific output format instructions (JSON) and behavioral constraints ("STRICT RULES") to limit the impact of processed content.
      • Capability inventory: Use of tinyfish agent run for external data retrieval and shell commands for file handling.
      • Sanitization: No explicit filtering or sanitization of the scraped text is performed prior to the final synthesis step.
  • [COMMAND_EXECUTION]: Uses local shell commands (which, tinyfish, cat, echo, wait) and the TinyFish CLI to coordinate data gathering and manage temporary files in the /tmp/ directory. These operations are aligned with the skill's stated purpose of data aggregation and reporting.
  • [EXTERNAL_DOWNLOADS]: Instructs the user to install the @tiny-fish/cli global package from the npm registry. This package is a core component provided by the skill's vendor (tinyfish-io) to facilitate the agent-based research workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 07:54 AM