lead-research-assistant
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest and process untrusted external data from web searches. Ingestion points: Web search results, company websites, and job postings. Boundary markers: Absent. Capability inventory: Read access to the local codebase (via 'analyze the codebase' instruction), network access (via search tools), and file write access (via 'save results to CSV' suggestion). Sanitization: Absent.
- [Data Exfiltration] (MEDIUM): The skill creates a data exfiltration path by combining sensitive local file access with external communication. A successful indirect prompt injection attack could use the agent's research tools to transmit parts of the codebase to an external server.
Recommendations
- AI detected serious security threats
Audit Metadata