research
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [Prompt Injection] (MEDIUM): User-supplied input in $ARGUMENTS is directly interpolated into the primary instruction ('Research this: $ARGUMENTS') without any delimiters or sanitization. This allows a user to provide instructions that could override the agent's intended behavior.
- [Indirect Prompt Injection] (MEDIUM): By design, this skill processes external information ('Research a topic'). This creates an ingestion point for untrusted data. The skill lacks boundary markers (like XML tags or triple backticks) or explicit instructions to ignore embedded commands in the research material, which could lead to the agent following malicious instructions found in web content.
- [Dependency Reference] (LOW): The skill depends on guidance from an external file (../../lib/research.md). While this is a local file reference, its content influences the agent's logic and should be audited for safe instruction sets.
Audit Metadata