deep-research-query

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted user input for research topics and interpolates it directly into generated JSON queries and Markdown briefs without sanitization or boundary markers.
      • Ingestion points: User-provided topic input collected via the AskUserQuestion tool in SKILL.md (Phase 1 and Phase 2).
      • Boundary markers: None present; the user input is treated as a direct parameter for the generated output.
      • Capability inventory: File system writing (Phase 4) and passing data to the deep-research-main skill.
      • Sanitization: None observed for user-provided strings.
  • [DATA_EXFILTRATION]: The skill uses unvalidated user input ({topic}) to construct the file path where research queries are saved: RESEARCH/queries/{topic}_{timestamp}.json. This provides a surface for path traversal if the user provides a topic string containing directory navigation sequences (e.g., ../), potentially allowing files to be written outside the intended directory.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 08:07 PM