taleb-perspective
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Detailed analysis of the skill instructions, persona definitions, and reference files found no evidence of malicious behavior or security policy violations.
- [PROMPT_INJECTION]: The skill implements an 'Agentic Protocol' that ingests untrusted data from the internet to perform research (SKILL.md, Step 2). This creates a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context via 'WebSearch' and 'WebFetch' results as specified in 'SKILL.md'.
  - Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore embedded instructions within retrieved search content.
  - Capability inventory: The skill utilizes information retrieval tools ('WebSearch'); no local file-system writes, shell execution, or sensitive data access capabilities are defined in the provided files.
  - Sanitization: Absent; the skill does not define validation or filtering logic for the ingested external content.
- [COMMAND_EXECUTION]: The README.md documentation lists standard installation commands using 'npx skills', which is the platform's intended method for distributing skills from the vendor 'alchaincyf'.