lead-discovery
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
WebFetchandWebSearchtools to retrieve business information from external websites and search engines. This behavior is essential for the skill's purpose and is performed within the standard operational scope of the agent. - [PROMPT_INJECTION]: The skill processes untrusted data from external websites and search results, presenting a surface for indirect prompt injection (Category 8).
- Ingestion points: External website content (Phase 1) and search engine results (Phase 2).
- Boundary markers: The instructions do not define explicit text delimiters, but they mandate multiple human-in-the-loop checkpoints where the agent must present findings to the user for confirmation before proceeding.
- Capability inventory: The skill has access to file system tools (
Read,Write,Edit) andBashexecution, which could be targeted by an injection. - Sanitization: The skill relies on user verification of summaries and research results in Phases 1, 2, and 3 to mitigate the risk of malicious instructions being processed from external content.
Audit Metadata