research-assistant
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to proactively search the web, read files, and fetch documentation to generate reports. This creates an indirect prompt injection surface where instructions embedded in external content could influence agent behavior.
- Ingestion points: Web search results, external URLs, and local files (SKILL.md).
- Boundary markers: Absent. There are no instructions for the agent to use delimiters or ignore instructions found within retrieved data.
- Capability inventory: The agent is encouraged to perform web searches, read files, and reference results from a 'computation, query or script' (SKILL.md).
- Sanitization: Absent. No validation or filtering of external content is required before processing.
- [EXTERNAL_DOWNLOADS]: The skill explicitly directs the agent to 'Proactively Make Web Searches' and fetch documentation from external links. While these are core functionalities, they involve processing data from non-whitelisted and arbitrary external domains.
- [COMMAND_EXECUTION]: The instructions reference tracing statements back to a 'computation, query or script you ran,' which indicates the agent is expected to use execution capabilities as part of its research methodology.
Audit Metadata