market-research
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust architecture with clear separation of concerns. All agents have well-defined roles, input/output contracts, and explicit boundary rules to prevent scope creep or unintended behavior.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive data access or exfiltration patterns were identified. The skill correctly limits its file access to project-specific research artifacts (e.g.,
research/product-context.md) and uses localized storage for its findings. - [PROMPT_INJECTION]: The orchestrator and agent files contain strong instructional logic (e.g., 'Critical Gates', 'Quality Gate Checklist') intended to ensure high-quality output. No override patterns or attempts to bypass LLM safety guidelines were found.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface via
WebSearchandWebFetch. However, the risk is mitigated by the 'critic-agent', which validates citations, methodology, and evidence against structured templates before final delivery. The ingestion of external data is the primary intended function of this market research tool. - [COMMAND_EXECUTION]: Although
Bashis listed inallowed-tools, its use within the instruction set is confined to local file management and tool orchestration. No evidence of arbitrary or dangerous shell command generation was found.
Audit Metadata