research-brand
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external URLs and web searches, creating a surface for indirect prompt injection.
  - Ingestion points: SKILL.md Step 1 and Step 2 describe fetching content from the target URL (homepage, /about, /pricing, etc.) and search results from platforms like Crunchbase and LinkedIn.
  - Boundary markers: Absent; the instructions do not specify delimiters to isolate external text from internal reasoning.
  - Capability inventory: The skill utilizes web crawling, search capabilities, and file system writes (writing brand_dna.md).
  - Sanitization: Absent; the agent is directed to extract and synthesize data directly into the final report.
- [COMMAND_EXECUTION]: The skill uses file system tools to save the research report (brand_dna.md) to the local project directory, which is the intended legitimate output of the tool.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to crawl user-provided websites and query third-party search engines to gather brand intelligence.
Audit Metadata