lead-research-assistant

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
  • DATA_EXFILTRATION (LOW): The skill instructs the agent to 'analyze the codebase' to understand the product. This broad file access can lead to the agent reading sensitive files such as .env, secrets.json, or private keys if they are present in the repository, potentially exposing them in the output.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted data from web searches and local environments. Evidence:
      1. Ingestion points: Web search results (job postings, news) and local codebase files.
      2. Boundary markers: Absent; there are no instructions to the agent to ignore malicious directives within retrieved data.
      3. Capability inventory: File system read access and web search capability.
      4. Sanitization: Absent; external data is processed directly to generate outreach strategies.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM