deepsearch
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The 'deepsearch' skill is a workflow specification document and does not include any executable scripts, binaries, or configuration files.
- [COMMAND_EXECUTION]: The workflow involves executing an external script 'python scripts/web_search.py' with dynamically generated queries. The security of this operation depends on the implementation of the external web-search skill.
- [PROMPT_INJECTION]: The skill processes untrusted external data which creates a surface for indirect prompt injection. Malicious search results could potentially manipulate the LLM's search direction or the content of the research report.
- Ingestion points: Web search results (summaries) are appended to the 'findings' array defined in SKILL.md.
- Boundary markers: The workflow description does not specify any delimiters or instructions to treat search results as untrusted content.
- Capability inventory: The skill uses LLM logic to decide on further search topics and command executions based on the collected findings (SKILL.md).
- Sanitization: No sanitization or filtering of the search results is mentioned before they are processed by the LLM.
Audit Metadata