deep-learning-agent
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core design of fetching, reading, and synthesizing untrusted web content.
  - Ingestion points: The skill uses `web_search` and `web_fetch` to ingest data from diverse and untrusted internet sources (Reddit, Twitter/X, and general websites) as described in `references/research-protocol.md`.
  - Boundary markers: While the skill uses a structured template (`references/brain-template.md`), it lacks explicit markers or instructions to isolate the retrieved data or prevent the agent from obeying instructions embedded within the fetched content.
  - Capability inventory: The skill possesses the ability to read and write files to the local `brains/` directory, perform network operations via search/fetch tools, and potentially spawn additional agent processes for adversarial debates.
  - Sanitization: No sanitization or filtering mechanisms are defined for the content retrieved from external sources before it is synthesized into the agent's decision-making frameworks.
- [EXTERNAL_DOWNLOADS]: The research protocol instructs the agent to perform broad and deep web fetches from untrusted third-party sources to build its knowledge base, creating a large attack surface for malicious data ingestion.
- [COMMAND_EXECUTION]: The skill relies on frequent filesystem interactions, specifically reading and writing markdown files in the `brains/` directory to manage its long-term knowledge storage.
Audit Metadata