research
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted data from external sources (Exa web search, code context, and Context7 documentation) which may contain malicious instructions designed to bias the research or influence agent behavior.
- Ingestion points: Untrusted data enters the agent context via mcp__context7__query-docs, mcp__exa__web_search_exa, and mcp__exa__deep_researcher_check, as defined in SKILL.md.
- Boundary markers: The instructions lack clear delimiters or headers to separate external search results from the system's core logic, increasing the risk that the agent may follow instructions embedded in retrieved data.
- Capability inventory: The skill has broad information retrieval capabilities. While no direct file-system or shell access is provided in this file, the resulting research synthesis could influence downstream systems.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved content before it is processed by the agent.
- Data Exfiltration (LOW): The skill performs network operations to external services (Exa and Context7) that are not on the trusted whitelist.
- Evidence: Implementation of mcp__exa and mcp__context7 tool calls.
- Risk: These operations are used for legitimate research purposes and are not associated with sensitive file access, resulting in a low risk rating.
Audit Metadata