deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill uses instructional language to guide the agent's behavior for research tasks. It does not contain any bypass markers, role-play injections (DAN), or instructions to ignore previous safety guidelines.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or network exfiltration patterns were detected. The skill only instructs the agent to save research findings to a local directory (.research/literature/).
- [Remote Code Execution / External Downloads] (SAFE): There are no commands to download or execute external scripts, packages, or binaries.
- [Indirect Prompt Injection] (LOW): The skill inherently processes untrusted data from external sources (academic databases like PubMed, arXiv).
  - Ingestion points: External research databases mentioned in Step 2 (PubMed, arXiv, Google Scholar).
  - Boundary markers: Absent from the provided markdown structure.
  - Capability inventory: File writing to the .research/literature/ directory.
  - Sanitization: Not explicitly defined, though the skill mandates a '5-Step Literature Review Process' and 'ACRAP criteria' for source evaluation, which mitigates the risk of blindly following content from external papers.
Audit Metadata