tw-research-grounded-theory

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted user data (interviews and observations) while the execution environment has access to powerful tools.
    • Ingestion points: Step 1 explicitly asks the user to provide "Interview/observation data" for analysis.
    • Boundary markers: The instructions do not implement boundary markers or delimiters to isolate the user-provided data from the agent's logic.
    • Capability inventory: The skill's frontmatter configuration allows access to Bash, Read, and Write tools, creating a potential path for code execution if the ingested data contains adversarial instructions.
    • Sanitization: There are no visible sanitization or validation routines to identify or neutralize instructions embedded within the processed text.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 8, 2026, 11:16 AM