deep-research
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The skill's documentation (README.md) describes an 'Auto-Continuation System' that performs 'recursive agent spawning' and 'code execution'. This architecture allows the agent to programmatically generate and execute new sub-tasks or code blocks based on research findings, which constitutes a dynamic execution risk when the input data is attacker-controlled.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and synthesize information from 'hundreds of websites' (Phase 3: Retrieve). Malicious instructions embedded in these external sources could influence the research output or the parameters of recursively spawned agents.
- Ingestion points: Phase 3 'Retrieve' logic described in README.md and implemented in the (referenced but missing) research_engine.py.
- Boundary markers: The README mentions 'CiteGuard' and 'Citation Validation' for source verification, though these are not robust against adversarial prompt injection.
- Capability inventory: Mentions 'recursive agent spawning' via the agent's 'Task tool', file-based state preservation, and 'code execution' capabilities.
- Sanitization: No explicit sanitization or instruction-filtering logic is observed in the provided utility scripts (md_to_html.py, citation_manager.py, or source_evaluator.py).
Audit Metadata