research-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data which introduces a surface for indirect prompt injection attacks. \n
- Ingestion points: The skill ingests transcripts, meeting notes, and customer research material from various sources (SKILL.md). \n
- Boundary markers: There are no explicit boundary markers or instructions to disregard potential commands within the ingested text. \n
- Capability inventory: The skill can write to the local filesystem (pm-workspace-docs/) and execute actions through multiple well-known MCP servers (Slack, HubSpot, Linear, Notion, PostHog). \n
- Sanitization: No sanitization or validation logic is specified for the input data before it is processed or used in tool calls.
Audit Metadata