survey
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local utility scripts and small code snippets for its operational logic.
- Evidence: It runs a local validation script
scripts/validate_survey_artifacts.pyand utilizes a Python heredoc within a Bash command to calculate date offsets for GitHub search queries. These actions are transparent and support the primary research function. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it processes untrusted data from external sources.
- Ingestion points: Data enters the agent context through web fetching (
WebFetch) and GitHub API responses containing repository descriptions and metadata. - Boundary markers: The instructions mandate that the agent label evidence provenance (e.g., 'indexed snippet'), which aids in tracking data sources, though it does not explicitly mandate delimiters like triple backticks or 'ignore instructions' warnings for internal processing.
- Capability inventory: The skill utilizes
Bash,Write,Read, andWebFetchtools to conduct research and save artifacts. - Sanitization: No explicit logic is provided to filter out potential instructions embedded in the ingested web or repository data.
Audit Metadata