deep-research
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled script, scripts/check_saturation.py, to perform heuristic analysis on research progress. This script calculates source diversity and keyword coverage to determine if additional subagents are required.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the internet by deep-crawling web pages, PDFs, and data reports, which introduces a surface for indirect prompt injection.
  - Ingestion points: External web content and documents retrieved via the agent-browser tool as specified in the subagent instructions in SKILL.md.
  - Boundary markers: Absent; there are no explicit delimiters or instructions provided to subagents to help them distinguish between factual data and potential malicious instructions embedded in the content being researched.
  - Capability inventory: The skill maintains full file-system access within the research workspace, can execute local Python scripts, and possesses the ability to spawn and instruct autonomous subagents.
  - Sanitization: There is no evidence of filtering or sanitizing the content extracted from web sources before it is written to the research workspace and synthesized into the final report.
Audit Metadata