icp-research

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process untrusted data from external platforms (Reddit, Twitter, G2, Capterra) using WebSearch and WebFetch tools.
  • Ingestion points: The voc-collector-agent.md and habitat-agent.md are instructed to fetch quotes and community data from public forums and social media websites.
  • Boundary markers: Absent. The instructions do not specify delimiters or 'ignore' instructions to isolate untrusted external content from the agent's control flow.
  • Capability inventory: The skill utilizes Bash, WebFetch, Read, and file-system tools. It writes synthesized artifacts to the research/ directory.
  • Sanitization: While the critic-agent.md validates the integrity and attribution of Voice of Customer (VoC) quotes, it does not specifically sanitize the input for hidden instructions or adversarial prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:03 PM
Security Audit — agent-trust-hub — icp-research