deep-research
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to fetch, read, and synthesize information from external sources (e.g., market analysis, technical research). This functionality introduces an indirect prompt injection surface where instructions hidden within the fetched content could potentially manipulate the agent's logic or the final report's content.
- Ingestion points: External data retrieved from the web or other research sources via scripts/research.py.
- Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions to isolate fetched content from the system prompt.
- Capability inventory: The skill executes a local Python script (scripts/research.py) which likely requires network access and file system write permissions for report generation.
- Sanitization: There is no mention of sanitizing or validating the content retrieved from external sources before it is processed by the model.