auto-research
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the WebSearch and WebFetch tools to retrieve information from external websites during Phase 2 of its execution strategy. This is the intended behavior for generating research reports.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting external data from the internet.\n
- Ingestion points: External content is ingested via WebFetch from URLs identified during Phase 2 (Parallel Deep Research).\n
- Boundary markers: Absent; the sub-agent prompt template lacks explicit delimiters or instructions to ignore commands embedded within the retrieved research sources.\n
- Capability inventory: The agent has permissions to read from and write to specific directories in the vault (e.g., 05-knowledge/research/) and can perform network operations through search tools.\n
- Sanitization: Absent; fetched content is summarized and synthesized into final reports without filtering or escaping potentially malicious instructions.
Audit Metadata