Skills
skills/ethansei/skills/deep-research/Gen Agent Trust Hub

deep-research

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of reading and summarizing untrusted external content and codebase files.
  • Ingestion points: Data enters the agent context through WebFetch (external websites), Read/Glob/Grep (local codebase), and ListMcpResourcesTool (MCP resources) during Phase 2 and Phase 4.
  • Boundary markers: Prompts utilize XML-style delimiters such as <user-task> and <hypotheses> and include explicit instructions for sub-agents to treat the enclosed content as data rather than executable instructions.
  • Capability inventory: Specialist agents have access to Bash (for environment queries), Write/Edit (limited to .speak-memory updates), and the Agent tool for spawning specialist sub-agents. The orchestrator has access to web search and file system tools.
  • Sanitization: The skill relies on the underlying model's adherence to safety guidelines and explicit 'ignore instructions' warnings; it does not implement programmatic sanitization or filtering of retrieved content.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform environment checks and dependency audits during Phase 1 and Phase 2.
  • System Discovery: Executes git rev-parse --show-toplevel to identify the repository root.
  • Dependency Auditing: Runs package manager queries including npm ls, pip list, and cargo tree to identify the project's technology stack.
  • [EXTERNAL_DOWNLOADS]: Automated web research is conducted using specialized search and fetch tools to gather documentation and best practices.
  • Tools: Employs WebSearch and WebFetch to retrieve content from the public internet.
  • Context: External content is used to confirm or disconfirm hypotheses during the research and adversarial challenge phases.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes the npx package runner to search for available skills in the npm marketplace.
  • Mechanism: Executes npx skills find with task-relevant keywords to identify additional capabilities.
  • Source: This operation targets the official npm registry, which is a well-known and trusted technology service.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 08:23 AM