runner-research
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill performs legitimate research tasks using web search tools and updates local documentation.
- [EXTERNAL_DOWNLOADS]: References external documentation and official repositories from trusted organizations including Anthropic, Google, GitHub, and OpenAI. These references are used for informational purposes and are documented neutrally.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external content from web search results. Evidence: 1. Ingestion points: web_search tool results defined in workflow steps. 2. Boundary markers: absent. 3. Capability inventory: reads local project source code (runner.rs) and writes to references/runners-catalog.md. 4. Sanitization: absent.
Audit Metadata