research-market
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill ingests data from public web sources (e.g., forums, review platforms) using WebSearch and WebFetch. While this represents a surface for Indirect Prompt Injection, the workflow includes a dedicated critic-agent and human review checkpoints that validate citations and evidence, effectively mitigating the risk of the agent following malicious instructions embedded in external content.
- [COMMAND_EXECUTION]: The skill has access to the Bash tool, which is used for internal orchestration and running provided maintenance scripts (e.g., manifest-sync.ts, bootstrap-experience.ts). These scripts are bundled with the skill, perform local file operations within the project root, and include safety checks to prevent directory traversal.
- [SAFE]: The skill does not contain hardcoded credentials, malicious persistence mechanisms, or attempts at privilege escalation. Its behavior aligns with its documented purpose of market and competitive research.
Audit Metadata