web-research
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a strictly defined workflow (Plan, Review, Dispatch, Synthesize) that ensures user oversight and predictable behavior. It operates as a tone-neutral primitive, treating external inputs as data rather than instructions, which limits its susceptibility to direct manipulation.
- [SAFE]: Path management is handled securely. The skill sanitizes the input research question into a folder slug by stripping punctuation and collapsing whitespace, preventing directory traversal attacks. While it allows a caller to specify an absolute output_dir, this is a standard capability for generating local artifacts and is managed within the internal skill ecosystem.
- [SAFE]: The skill manages untrusted web data through structural isolation. Although it fetches content from the web, the results are processed into a fixed report format on disk rather than being returned as inline prose. This design prevents malicious web content from directly influencing the primary agent conversation in real-time. The use of a strict citation schema (verbatim excerpts, URLs, and titles) ensures that all gathered data is clearly attributed and verifiable.
Audit Metadata