research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is instructed to execute the
geminibash command to synthesize research findings. This is a legitimate functional requirement but constitutes a command execution surface. - [EXTERNAL_DOWNLOADS] (LOW): The skill retrieves data from external web sources and GitHub repositories via the
WebSearchanddocs-seekertools to fulfill its research methodology. - [Indirect Prompt Injection] (LOW):
- Ingestion points: Untrusted data enters the agent context through
WebSearchresults and GitHub repository content (READMEs). - Boundary markers: Absent. The skill does not use specific delimiters or instructions to prevent the agent from obeying commands embedded in the external research materials.
- Capability inventory: The skill can execute bash commands and write markdown report files to the local system.
- Sanitization: Absent. There is no evidence of input validation, filtering, or escaping for the data retrieved from external sources.
Audit Metadata