research-doc
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system operations and executes Git commands (`git add`, `git commit`, `git push`). The user-provided `<topic>` is used directly in the commit message: `git commit -m "docs: add research on <topic>"`. If the agent does not properly escape this string before execution, it could lead to command injection within the shell environment.
- [DATA_EXFILTRATION]: The skill's primary function involves uploading local content to a remote server via `git push`. Users should ensure the repository's remote destination is trusted, as any information researched or generated will be exfiltrated to that location.
- [PROMPT_INJECTION]: The skill relies on parsing a topic from user prompts. Maliciously crafted topics could attempt to override the agent's instructions or influence the content of the generated document.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill ingests untrusted data from the user (the topic) and from external sources (websites and documentation) while gathering research.
  - Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat researched content as data rather than instructions.
  - Capability inventory: The skill possesses the ability to create directories, write files, and interact with a remote repository via Git.
  - Sanitization: Although the instructions require a "slug" (lowercase, hyphenated) for the filename, which provides some sanitization for file paths, the original topic string is used unsanitized in the Git commit message.
Audit Metadata