best-practices-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's functionality, including searching the filesystem for instruction files and retrieving external documentation, is consistent with its stated purpose as a technology researcher.
- [COMMAND_EXECUTION]: The skill utilizes filesystem globbing (e.g.,
**/**/SKILL.md) to discover and read domain-specific instruction files in the local environment. This is a functional requirement for its role in aggregating curated knowledge from other installed skills. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and synthesize content from external websites and local files. It is explicitly instructed to extract patterns and capture code examples from these sources.
- Ingestion points: Local
SKILL.mdfiles found via globbing and external documentation accessed through web search tools. - Boundary markers: Absent; the skill does not explicitly instruct the agent to use delimiters or ignore instructions embedded in the processed data.
- Capability inventory: High-level data synthesis, recommendation generation, and code template production.
- Sanitization: Absent; the skill relies on the underlying model's safety guardrails when processing external text.
Audit Metadata