research-after-failure
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill requires the agent to read and synthesize content from external and untrusted sources, which could contain adversarial instructions (Category 8).\n
- Ingestion points: Local repository files (README.md, docs/, src/) and online web search results as specified in Steps 2, 3, and 4.\n
- Boundary markers: The protocol does not include instructions for using delimiters or boundary markers to isolate untrusted data from the agent's system prompt or reasoning context.\n
- Capability inventory: The skill utilizes powerful tools including shell command execution (cat, ls, grep, git) and network communication via the GitHub CLI (gh) to post research summaries.\n
- Sanitization: The skill lacks instructions for sanitizing or escaping the gathered information before the agent uses it to formulate a new approach or posts it as an issue comment.
Audit Metadata