paul-graham-perspective
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection within its 'Paul Graham Perspective' workflow.
  - Ingestion points: The skill explicitly instructs the agent to use search tools (e.g., WebSearch) to gather external information about founders, markets, and products (SKILL.md, Step 2).
  - Boundary markers: There are no instructions for the agent to wrap external content in delimiters or use markers to separate untrusted search results from the system's core instructions.
  - Capability inventory: The skill utilizes tool-calling capabilities (WebSearch) and incorporates the results into the model's final response generation. It does not contain instructions for dangerous shell commands or sensitive file access.
  - Sanitization: The skill lacks any instructions for sanitizing, validating, or escaping data retrieved from the web before it is analyzed by the agent.