dashboard-from-research
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it is designed to ingest and interpret external research data to drive automated code generation.
- Ingestion points: Research data is ingested via
memi research from-file <path>(Excel/CSV) andmemi research from-stickies(FigJam) as described inSKILL.md. - Boundary markers: Absent. The skill does not instruct the agent to use delimiters or specifically ignore natural language instructions that might be embedded within the research data files.
- Capability inventory: The skill possesses the capability to generate React/Tailwind code (
memi generate) and launch a local preview server (memi preview), which could be abused if malicious instructions in the research data influence the generated output. - Sanitization: There is no mention of sanitization or validation of the input data to ensure it contains only research findings and not executable instructions.
- [EXTERNAL_DOWNLOADS]: The skill references the author's GitHub repository (
https://github.com/sarveshsea/memi) for the underlying toolset. As this resource belongs to the skill's author, it is documented as a standard vendor resource and does not contribute to a high-risk assessment.
Audit Metadata