deepvista-recipe-research-to-vistabook
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill body consists of instructional documentation (a 'recipe') for using local tools. No malicious behavior or direct security threats were identified during the analysis.
- [COMMAND_EXECUTION]: The skill utilizes the 'deepvista' CLI tool to interact with a knowledge base. The commands (search, get, run) are consistent with the tool's intended use-case and the author's identity (DeepVista-AI).
- [PROMPT_INJECTION]: The workflow involves an indirect prompt injection surface where data retrieved from an external knowledge base is processed and used as input for subsequent tool execution.
- Ingestion points: External card content is retrieved via 'deepvista vistabase get' as described in SKILL.md.
- Boundary markers: Absent; the skill suggests summarizing findings into a plain context string without specific delimiters or isolation instructions.
- Capability inventory: The skill calls 'deepvista vistabook +run', which executes secondary workflows based on the input.
- Sanitization: No sanitization or validation of the retrieved content is mentioned before it is passed to the next stage.
Audit Metadata