tw-research-qualitative-analyzer
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It is designed to ingest and process untrusted external data in the form of interview transcripts, focus group records, and observation notes. If these documents contain hidden or explicit instructions meant to override the agent's behavior, the agent might follow them because the skill lacks explicit boundary markers or instructions to ignore embedded commands within the data.\n
- Ingestion points: Users are prompted in
SKILL.md(Step 1) to paste transcript data for analysis.\n - Boundary markers: There are no delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' warnings specified for the transcript input.\n
- Capability inventory: The skill is granted
Bash,Read, andWritepermissions in the frontmatter, providing a significant impact surface if an injection occurs.\n - Sanitization: No sanitization or validation of the input text is mentioned before processing.\n- [COMMAND_EXECUTION]: The skill requests access to the
Bashtool in its frontmatter (allowed-tools: "Bash, Read, Write"). While no malicious commands are hardcoded in the provided files, this capability allows the agent to execute shell commands. In the context of processing untrusted transcript data, this increases the risk that a malicious payload in a transcript could trigger unauthorized command execution.
Audit Metadata