x-deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it fetches and processes untrusted data from the web.
- Ingestion points: The skill performs research using OpenAI's deep research models, which involves ingesting data from arbitrary public websites as specified in the templates (company, person, product).
- Boundary markers: The prompts/base.md file defines 'Hard Constraints' and 'Citation Style' instructions to the model, which serve as formatting boundaries but do not provide a secure delimiter to prevent the model from obeying instructions embedded in the web content it reads.
- Capability inventory: The skill uses scripts/deep_research.py (executed via poetry) to write research reports to the local file system (specifically ~/brain/obsidian/Timatron/...). This allows untrusted data to influence the content written to the user's local vault.
- Sanitization: No evidence of sanitization, filtering, or HTML/JavaScript stripping is present in the prompt templates or instructions.
Audit Metadata