us-program-research
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted student reviews from external websites.
  - Ingestion points: The skill performs searches on public platforms such as Reddit, Niche, and GMAT Club to gather student feedback (documented in references/subagent-prompts.md).
  - Boundary markers: There are no explicit instructions or delimiters used to separate the fetched content from the agent's internal instructions.
  - Capability inventory: The skill utilizes web search tools, subagents, and file-writing capabilities to produce a Markdown report (SKILL.md).
  - Sanitization: The instructions do not define methods for sanitizing or validating the content retrieved from external sources.
- [DATA_EXFILTRATION]: The skill initiates network operations to perform research and collect reviews from well-known external web services (Reddit, Niche, and university domains).
- [DATA_EXFILTRATION]: The skill collects user-provided personally identifiable information (PII), such as name, email address, and academic performance metrics, to create a customized application action plan for the user.
Audit Metadata