research
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script accesses authentication tokens from the local filesystem.
  - Evidence: scripts/research.sh searches the ~/.mcp-auth/ directory for token files.
- [EXTERNAL_DOWNLOADS]: The script dynamically downloads a package from the npm registry to facilitate OAuth authentication.
  - Evidence: scripts/research.sh executes npx -y mcp-remote.
- [REMOTE_CODE_EXECUTION]: The script executes logic from a remote endpoint during its authentication routine.
  - Evidence: The npx command in scripts/research.sh connects to https://mcp.tavily.com/mcp.
- [COMMAND_EXECUTION]: The script uses shell commands and network utilities for API interaction.
  - Evidence: Use of curl and jq throughout scripts/research.sh.
- [PROMPT_INJECTION]: The skill processes untrusted web data, creating an indirect prompt injection risk.
  1. Ingestion points: scripts/research.sh (Tavily API response content).
  2. Boundary markers: Absent from the implementation.
  3. Capability inventory: curl network requests, shell execution, file-writing via redirect.
  4. Sanitization: No sanitization or filtering of API results is performed before returning data to the agent.
Audit Metadata