deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes untrusted data from repository files, which represents a potential attack surface. However, the impact is minimized by strict tool limitations.
- Ingestion points: Repository files accessed via Read, Grep, and Glob tools (SKILL.md).
- Boundary markers: Absent; instructions do not explicitly delimit file content from the system prompt.
- Capability inventory: Restricted to read-only tools (Read, Grep, Glob). No shell execution, network access, or write permissions are granted.
- Sanitization: Absent.
Audit Metadata