icp-research
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process untrusted data from external platforms (Reddit, Twitter, G2, Capterra) using
WebSearchandWebFetchtools. - Ingestion points: The
voc-collector-agent.mdandhabitat-agent.mdare instructed to fetch quotes and community data from public forums and social media websites. - Boundary markers: Absent. The instructions do not specify delimiters or 'ignore' instructions to isolate untrusted external content from the agent's control flow.
- Capability inventory: The skill utilizes
Bash,WebFetch,Read, and file-system tools. It writes synthesized artifacts to theresearch/directory. - Sanitization: While the
critic-agent.mdvalidates the integrity and attribution of Voice of Customer (VoC) quotes, it does not specifically sanitize the input for hidden instructions or adversarial prompts.
Audit Metadata