us-program-research
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill collects personal information such as the user's name, email, and academic background to personalize research results. This data is intended to be stored locally within the generated
{CANDIDATE_NAME}_US_PROGRAM_ACTION_PLAN.mdfile and is not transmitted to unauthorized external servers. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes content from external websites (Reddit, Niche, university domains) to generate rankings.
- Ingestion points: External data is ingested via web search tools in Phase 2 (Parallel Discovery) and Phase 3 (Deep Research) as defined in
references/subagent-prompts.md. - Boundary markers: Absent; the skill does not explicitly define delimiters to separate untrusted web content from its internal reasoning instructions.
- Capability inventory: The skill uses web search tools and file-writing capabilities to generate and save markdown reports.
- Sanitization: No specific sanitization or filtering logic is mentioned for the external content fetched during the research phases.
Audit Metadata