ln-311-review-research-worker

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious behavior was detected in the skill or its associated scripts. The runtime logic is focused on state persistence and coordination within the project-local .hex-skills directory.\n- [PROMPT_INJECTION]: The skill's research function involves ingesting untrusted external data, which constitutes an indirect prompt injection surface. This is mitigated through structured summary requirements and rigorous source tracking protocols.\n
  • Ingestion points: Research evidence is collected from official documentation, MCP tools (Ref and Context7), and web searches during the workflow execution phases.\n
  • Boundary markers: The Epistemic Protocol (references/epistemic_protocol.md) establishes clear source marking conventions (e.g., '(verified via Ref/Context7)') to track data provenance and distinguish verified facts from model training data.\n
  • Capability inventory: The runtime framework provides capabilities for writing JSON artifacts to local directories and monitoring the status of background agent processes.\n
  • Sanitization: Internal state transitions and summary outputs are validated against predefined JSON schemas (references/scripts/coordinator-runtime/lib/validate.mjs) before being stored.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 06:29 AM
Security Audit — agent-trust-hub — ln-311-review-research-worker