deep-research

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is architected to ingest untrusted web content and use it to drive high-privilege actions, so anything a fetched page says can become an instruction to the agent.
    • Ingestion points: web search results and externally fetched URLs (referenced in source_evaluator.py and README.md).
    • Boundary markers: none detected for security purposes. The boundary markers mentioned in CONTEXT_OPTIMIZATION.md exist only for LLM cache optimization; they are fixed strings a fetched page could reproduce, so they do not separate data from instructions.
    • Capability inventory: recursive agent spawning via the 'Task' tool and arbitrary code execution for "analysis and validations" (documented in README.md and QUICK_START.md).
    • Sanitization: none of the utility scripts sanitize external content; they perform regex-based formatting, not security filtering.
  • [Obfuscation/Evasion] (HIGH): The core logic files research_engine.py and SKILL.md are missing from the provided file set even though the documentation defines them as the skill's engine. Without them it is impossible to verify how recursive agent spawning and code execution are actually implemented, so the findings above are based on the documentation's description of those features.
  • [Command Execution] (HIGH): QUICK_START.md explicitly lists 'Code Execution' as a feature. If the code being executed is derived from synthesized web research, a page that plants instructions in its text can reach that execution path, which makes indirect prompt injection a remote code execution (RCE) vector.
  • [Metadata Poisoning] (MEDIUM): The README and COMPETITIVE_ANALYSIS.md claim to implement several 2025 academic papers (e.g., arXiv 2510.17853, 2505.18149). The auditor could not verify these references. Note that arXiv identifiers encode the submission month, so 2510.17853 would be an October 2025 submission and 2505.18149 a May 2025 submission, both before this audit date; the date alone does not show they are fictitious. The check is to resolve each identifier and confirm the paper's title and technique match what the documentation claims; until then, treat the citations as unverified authority claims rather than evidence of safety.
Recommendations
  • Do not approve or install this skill until research_engine.py and SKILL.md are supplied and reviewed; the documented recursive spawning and code execution features cannot be assessed without them.
  • Treat every search result and fetched URL as untrusted data: delimit it with a marker the fetched page cannot predict (distinct from the cache-optimization markers in CONTEXT_OPTIMIZATION.md), and never let instructions found in that data reach the 'Task' tool or the code execution path.
  • If code execution is retained, run it only in a sandbox with no credentials and restricted network access, and cap the depth and count of recursively spawned agents.
  • Resolve the cited arXiv identifiers and confirm they describe what the README and COMPETITIVE_ANALYSIS.md claim before accepting them as evidence of the skill's design.
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:25 AM