unblocked-research
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the processing of data from external sources such as Slack, Jira, and pull requests, which introduces a surface for indirect prompt injection where instructions embedded in those sources could influence the agent's behavior.
  - Ingestion points: Data retrieved from Slack threads, Jira issues, and PR comments via the research_task tool.
  - Boundary markers: No specific delimiters or instructions are provided to distinguish between system prompts and the processed external content.
  - Capability inventory: The generated research brief is intended to be used by the agent to form implementation plans and determine subsequent tool calls.
  - Sanitization: No content filtering or validation processes are described for the data retrieved from external systems.
- [COMMAND_EXECUTION]: The skill contains logic in the Tool Availability Safety Handler that instructs the agent to dynamically map tool names using a discovery mechanism like listTools. While this is a compatibility layer, it dictates how shell-level or API-level commands are resolved and executed at runtime.
Audit Metadata