market-research

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust architecture with clear separation of concerns. All agents have well-defined roles, input/output contracts, and explicit boundary rules to prevent scope creep or unintended behavior.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive data access or exfiltration patterns were identified. The skill correctly limits its file access to project-specific research artifacts (e.g., research/product-context.md) and uses localized storage for its findings.
  • [PROMPT_INJECTION]: The orchestrator and agent files contain strong instructional logic (e.g., 'Critical Gates', 'Quality Gate Checklist') intended to ensure high-quality output. No override patterns or attempts to bypass LLM safety guidelines were found.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface via WebSearch and WebFetch. However, the risk is mitigated by the 'critic-agent', which validates citations, methodology, and evidence against structured templates before final delivery. The ingestion of external data is the primary intended function of this market research tool.
  • [COMMAND_EXECUTION]: Although Bash is listed in allowed-tools, its use within the instruction set is confined to local file management and tool orchestration. No evidence of arbitrary or dangerous shell command generation was found.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:04 PM
Security Audit — agent-trust-hub — market-research