research-methods
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from web sources and local files to generate research documents.
  - Ingestion points: External web content retrieved via the WebSearch and WebFetch tools, and local codebase content accessed via the Glob, Grep, and Read tools.
  - Boundary markers: The prompt templates for sub-agents (e.g., Web Research Agent, Community Agent) lack explicit instructions or delimiters to isolate user-provided or fetched data from the system instructions.
  - Capability inventory: The skill possesses the capability to read any file within the project scope and write research findings back to the filesystem using the Write tool.
  - Sanitization: There is no evidence of content sanitization or validation to prevent malicious instructions embedded in data from being interpreted by the LLM.
- [EXTERNAL_DOWNLOADS]: Fetches documentation and package metadata from well-known technology sites and official registries like npmjs.com, pypi.org, and pkg.go.dev to provide accurate research comparisons. This is part of the primary intended functionality for technical research.
- [COMMAND_EXECUTION]: The skill utilizes local file system exploration tools (Glob, Grep, Explore) to analyze project structure, dependencies, and code patterns for its research and refactoring workflows. These operations are conducted using standard agent tools and are restricted to the project context.
Audit Metadata