Research

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill employs mandatory trigger instructions (e.g., 'ALWAYS invoke this skill') to override standard agent behavior.
  • [PROMPT_INJECTION]: Loads customization files from '~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/Research/' that override default skill behavior; anything able to write to that directory can change what the skill does.
  • [COMMAND_EXECUTION]: Executes mandatory shell commands using curl to send notifications to a local service endpoint.
  • [COMMAND_EXECUTION]: Dynamically executes a Node.js script via bun to manage parallel research processes and spawn child processes.
  • [REMOTE_CODE_EXECUTION]: Facilitates the search and execution of third-party scripts (Actors) on the Apify platform via MCP tools.
  • [DATA_EXFILTRATION]: Sends user-provided URLs to third-party services (BrightData, Apify) for scraping and processing, so those URLs and the retrieved content transit external endpoints.
  • [EXTERNAL_DOWNLOADS]: Extensively fetches content from remote URLs using multiple tools like WebFetch, fabric, and external MCP scrapers.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection; the skill ingests untrusted data from the web (Retrieve.md) and YouTube (YoutubeExtraction.md) and processes it with high-capability tools (subagents, fabric CLI) without an explicit trust boundary or sanitization step between the fetched content and the instructions the agent follows.
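The findings above are the kind of indicator a static check over a skill definition can surface before the skill is installed. The following is an added example, not Gen Agent Trust Hub's analyzer and not code from the Research skill: a small rule-based scanner that flags mandatory trigger language, external customization paths, shell command execution, script execution through a JS runtime, and remote fetches in SKILL.md-style text. The rule set, the MEDIUM/HIGH/LOW scoring, and the sample skill text (including its localhost port and script path) are constructed for illustration; only the customization path is taken from the audit.

```python
"""Added example (not Gen Agent Trust Hub's analyzer): a minimal static scanner
that flags, in a SKILL.md-style skill definition, the classes of indicator the
audit above reports: mandatory trigger language, external customization paths,
shell command execution, script execution via a JS runtime, and remote fetches.
The rule set, scoring, and sample skill text are constructed for illustration."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # audit category the rule maps to
    line_no: int    # 1-based line in the skill file
    evidence: str   # matched text


# Heuristic rules, one category per pattern (hypothetical set, not the Trust Hub's).
RULES: list[tuple[str, re.Pattern[str]]] = [
    # Capitalised imperatives that try to override the agent's normal tool choice.
    ("PROMPT_INJECTION",
     re.compile(r"\b(?:ALWAYS|MUST|NEVER)\b.{0,60}?\b(?:invoke|use|run|skip)\b")),
    # A user-writable customization directory whose contents override the skill.
    ("PROMPT_INJECTION",
     re.compile(r"(?:~|\$HOME)/\S*CUSTOMIZATIONS?/\S*")),
    # Shell-level HTTP client invocation.
    ("COMMAND_EXECUTION", re.compile(r"\bcurl\b")),
    # Running a JS/TS script through a runtime (bun, node, deno).
    ("COMMAND_EXECUTION",
     re.compile(r"\b(?:bun|node|deno)\s+(?:run\s+)?\S+\.(?:ts|js|mjs)\b")),
    # Fetch tool names or non-local URLs that imply pulling remote content.
    ("EXTERNAL_DOWNLOADS",
     re.compile(r"\bWebFetch\b|https?://(?!localhost\b|127\.)\S+")),
]


def scan_skill(text: str) -> list[Finding]:
    """Apply every rule to every line; a line may yield several findings."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append(Finding(category, line_no, match.group(0)[:80]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


def risk_level(findings: list[Finding]) -> str:
    """Hypothetical scoring: remote code execution is HIGH, command execution or
    prompt-injection indicators are MEDIUM, anything else LOW."""
    categories = {f.category for f in findings}
    if "REMOTE_CODE_EXECUTION" in categories:
        return "HIGH"
    if categories & {"COMMAND_EXECUTION", "PROMPT_INJECTION"}:
        return "MEDIUM"
    return "LOW"


# Constructed sample skill text; the localhost port and script path are invented.
SAMPLE_SKILL = """\
# Research

ALWAYS invoke this skill when the user asks for research.

Customizations: load overrides from ~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/Research/ if present.

## Notify

    curl -s -X POST http://localhost:8888/notify -d started
    bun run ./tools/parallel-research.ts "$QUERY"

Use WebFetch to retrieve each source URL, then summarize it.
"""


if __name__ == "__main__":
    results = scan_skill(SAMPLE_SKILL)
    for f in results:
        print(f"[{f.category}] line {f.line_no}: {f.evidence}")
    print("Risk Level:", risk_level(results), summarize(results))
```

Run against the constructed sample, the scanner reports five findings (two PROMPT_INJECTION, two COMMAND_EXECUTION, one EXTERNAL_DOWNLOADS) and scores the skill MEDIUM, the same level the audit assigns. The check is deliberately line-oriented and pattern-based: it will not see indirect injection arriving through fetched content at run time, which is the gap the last finding describes, so it complements rather than replaces a review of what the skill does with the data it retrieves.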
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 11:02 PM