web-research-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/research.pyutilizes the__import__function to dynamically load the standarddatetimemodule. While the module name is hardcoded as a string literal, dynamic loading is a technique that can be used to evade static analysis detection of specific module usage.\n- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting and processing untrusted data from the internet.\n - Ingestion points: Search results (titles, snippets, and URLs) are retrieved from the web via the BrowserAct API and processed in
scripts/research.py.\n - Boundary markers: The skill uses Markdown headers to structure the report, but does not provide explicit boundary markers or instructions to the agent to ignore potential commands embedded within the retrieved snippets.\n
- Capability inventory: The skill possesses the ability to perform network requests (via
requests) and write files to the local system (viaargparseandopen).\n - Sanitization: No validation or sanitization is performed on the web content before it is interpolated into the final Markdown report.\n- [DATA_EXFILTRATION]: The skill transmits search queries and authentication tokens to the
mcp.browseract.comdomain. This communication is required for the skill's primary functionality and targets the vendor's own infrastructure.
Audit Metadata