best-practices-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the processing of untrusted data from multiple sources.
- Ingestion points: Uses the Glob tool to read local
SKILL.mdfiles across the filesystem (e.g.,**/**/SKILL.md) and the Context7 MCP to fetch external documentation from the web and GitHub repositories. - Boundary markers: The instructions lack specific delimiters or instructions to the agent to disregard embedded commands or formatting within the ingested text.
- Capability inventory: The skill has capabilities to read files, perform network-based research, and synthesize data for the user.
- Sanitization: There is no specified logic for sanitizing or validating the content of the files or web pages before they are processed by the agent.
- [COMMAND_EXECUTION]: The skill utilizes recursive filesystem traversal via
Globpatterns (**/**/SKILL.md) to discover and read the full content of skill files, which may lead to processing unintended files if the agent has broad permissions. - [EXTERNAL_DOWNLOADS]: The skill performs extensive network operations to retrieve data from official documentation sites, GitHub, and general web searches to satisfy research requests.
Audit Metadata