deep-research

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted web content as part of its core research function, creating a surface for indirect prompt injection. This is evaluated as a safe operational risk given the primary purpose of the skill. Evidence Chain:
    1. Ingestion points: Research data retrieved from external URLs via search subagents.
    2. Boundary markers: Absent; fetched content is processed without explicit structural delimiters.
    3. Capability inventory: Local filesystem writes (to save reports) and tool execution (Task tool).
    4. Sanitization: Instructions specify stripping HTML boilerplate to minimize noise, but robust instruction-injection prevention is not implemented.
  • [SAFE]: The skill exhibits no patterns of credential exfiltration, persistence mechanisms, or unauthorized privilege escalation. The 'LeadResearcher' persona is used strictly for output structuring and does not attempt to bypass core safety constraints.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 10:25 AM