skill-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external, potentially untrusted sources.
- Ingestion points: It uses `mcp__zread__read_file` to ingest `SKILL.md` and other reference files from external GitHub repositories.
- Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions when reading and translating external files, making the agent vulnerable to instructions hidden within those files.
- Capability inventory: The skill has the ability to search the web, read remote files, and create new directory structures/files on the local system.
- Sanitization: There is no evidence of sanitization or validation of the fetched external content before it is processed for analysis and translation.
Audit Metadata