deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bash tool to execute a Python script (run.py) which manages the research workflow.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from arbitrary external URLs provided in the fetch_urls parameter and retrieves data from the Tavily search API. These operations are essential to its primary purpose as a research tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: data enters the agent's context through search results in run.py and external website content fetched via _fetch_page. Boundary markers: there are no explicit delimiters or instructions to ignore embedded commands within the fetched content. Capability inventory: the skill has network access and operates via bash command execution. Sanitization: the script uses regular expressions to strip HTML tags but does not validate the text content for malicious instructions that could influence the LLM's final summary output.
Audit Metadata