deep-research

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to search, scrape, and synthesize information from 15-25 untrusted web sources (Phase 1 and 2), creating a surface for indirect prompt injection.
    • Ingestion points: Content is fetched from numerous external URLs using tools like search, scrape, and crawl as described in SKILL.md.
    • Boundary markers: The skill lacks explicit instructions for the agent to use delimiters or ignore embedded instructions when processing external content.
    • Capability inventory: The skill uses browser_subagent, scrape, crawl, and get_file_contents tools.
    • Sanitization: No sanitization or validation of the ingested external content is defined.
  • [COMMAND_EXECUTION]: The documentation in references/research-heuristics.md provides templates for shell commands (unzip, sed) and Python scripts for the agent to execute for extracting data from DOCX files.
  • [EXTERNAL_DOWNLOADS]: The skill performs extensive automated network operations to gather data from third-party websites and GitHub repositories.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 09:57 AM