research-brief
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through its data ingestion process.
- Ingestion points: The agent is instructed to read content from web searches, project context files, user-uploaded documents, and recent emails in
SKILL.md. - Boundary markers: The instructions do not specify any delimiters or safety warnings to treat external data as untrusted or to ignore embedded instructions within that data.
- Capability inventory: The skill utilizes file system access to read existing research and preferences, and it writes the final brief to the
/output/directory. - Sanitization: There is no evidence of input validation or sanitization for the content retrieved from external sources before it is synthesized into the final report.
Audit Metadata