last30days
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill identifies trends and best practices by fetching data from well-known services (OpenAI and xAI). It manages credentials by instructing users to store API keys in a local .env file with recommended restricted permissions (chmod 600), adhering to standard secret management practices.
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface due to its core function of processing untrusted web content.
- Ingestion points: Research data is ingested from Reddit, X, and web searches via the modules in
scripts/lib/. - Boundary markers: Absent; the skill's instructions in
SKILL.mdrely on the agent's synthesis logic rather than explicit delimiters for external content. - Capability inventory: The skill possesses network access to communicate with search APIs and reads its own configuration file.
- Sanitization: Data is truncated for length, but the logic does not implement specific sanitization or filtering for adversarial prompt instructions in the ingested text.
Audit Metadata