deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as its core functionality involves searching and reading external web content to generate reports.
  - Ingestion points: Untrusted data from the internet enters the agent context via the research and synthesis process.
  - Boundary markers: The provided documentation does not specify the use of delimiters or instructions to ignore embedded commands in the source material.
  - Capability inventory: The skill executes `scripts/research.py`, which utilizes network access for research and file access for report generation.
  - Sanitization: There is no evidence of content sanitization or validation before the data is synthesized by the LLM.
- [COMMAND_EXECUTION]: The skill operates by executing local Python scripts (`scripts/research.py`) with various command-line arguments to manage research tasks.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external Python dependencies via a `requirements.txt` file. While `httpx` is a well-known package, the full list of dependencies is not provided for verification.
Audit Metadata