deep-research

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests and processes untrusted data from the internet via the WebSearch and Read tools, which creates a surface where malicious web content could influence the agent's behavior or output.
  • Evidence Chain for Category 8:
    • Ingestion points: Untrusted data enters the agent context through the WebSearch(*) and Read tools as defined in the allowed-tools and 'Research protocol' sections.
    • Boundary markers: The instructions lack specific requirements for the agent to use delimiters or safety framing (such as 'The following is untrusted content...') when interpolating retrieved web data into its synthesis.
    • Capability inventory: The skill includes a 'Verification hooks' section that instructs the agent to 'Provide 1-3 concrete commands/tests to verify claims locally.' This allows an injection to potentially manifest as a malicious command recommendation.
    • Sanitization: There are no instructions for sanitizing, filtering, or validating the external content before it is used to generate synthesized reports or command suggestions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 21, 2026, 11:21 AM