Skills
skills/aiskillstore/marketplace/startup-business-analyst-market-opportunity/Gen Agent Trust Hub

startup-business-analyst-market-opportunity

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions direct the agent to use WebSearch and WebFetch tools to gather data from external domains (Step 4 of SKILL.md). These operations target non-whitelisted domains.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by retrieving and processing external content from the web without explicit sanitization or boundary markers.
  • Ingestion points: WebSearch and WebFetch are used to retrieve industry reports, public filings, and other external data.
  • Boundary markers: The skill lacks instructions to wrap or delimit external content to prevent it from overriding agent instructions.
  • Capability inventory: The skill has access to tools including Bash, Write, and Edit, which provide a significant capability surface if an indirect injection were successful.
  • Sanitization: There are no documented steps for filtering or validating the content retrieved from external sources before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 09:52 PM
Security Audit — agent-trust-hub — startup-business-analyst-market-opportunity