research-market

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill ingests data from public web sources (e.g., forums, review platforms) using WebSearch and WebFetch. While this represents a surface for Indirect Prompt Injection, the workflow includes a dedicated critic-agent and human review checkpoints that validate citations and evidence, effectively mitigating the risk of the agent following malicious instructions embedded in external content.
  • [COMMAND_EXECUTION]: The skill has access to the Bash tool, which is used for internal orchestration and running provided maintenance scripts (e.g., manifest-sync.ts, bootstrap-experience.ts). These scripts are bundled with the skill, perform local file operations within the project root, and include safety checks to prevent directory traversal.
  • [SAFE]: The skill does not contain hardcoded credentials, malicious persistence mechanisms, or attempts at privilege escalation. Its behavior aligns with its documented purpose of market and competitive research.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 10:16 PM
Security Audit — agent-trust-hub — research-market