deep-research

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection by ingesting data from the internet.
  • Ingestion points: Data enters the agent context through paper-search google web, paper-search browse <url>, and paper read <arxiv_id>.
  • Boundary markers: There are no delimiters around the retrieved research text and no instructions telling the agent to ignore commands embedded in it.
  • Capability inventory: The agent has access to Bash, Read, and Write tools.
  • Sanitization: Retrieved text is not sanitized or escaped before processing.
  • Command Execution (LOW): The workflow interpolates the $ARGUMENTS variable directly into shell commands (e.g., paper-search google web "$ARGUMENTS"). If the research topic contains shell metacharacters and the execution environment does not properly escape them, it could lead to arbitrary command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 04:56 AM