research

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the 'gemini' bash command to perform research and generate report content, utilizing an external CLI tool associated with a well-known AI service provider's official repository.
  • [DATA_EXFILTRATION]: The skill writes research reports to the local file system at './plans//reports/'. This allows the agent to organize research results but establishes a file-system interaction surface where plan names or topics influence the write path.
  • [PROMPT_INJECTION]: The skill processes untrusted data from web searches and GitHub repositories, creating an indirect prompt injection surface.
    1. Ingestion points: Data fetched via the WebSearch tool and GitHub documentation analysis.
    2. Boundary markers: The skill relies on procedural instructions for content cleaning in reference files rather than structural delimiters in the prompt templates.
    3. Capability inventory: Subprocess execution (gemini CLI), local file writing, and dynamic skill loading via capability discovery.
    4. Sanitization: Includes a dedicated 'Sanitization Workflow' in 'references/bias-detection.md' that instructs the agent to identify and strip malicious directives from ingested content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 01:34 PM