research-lookup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (LOW): The script `scripts/research_lookup.py` performs outbound network requests to `openrouter.ai`. While this domain is essential for the tool's core research functionality, it is not on the trusted whitelist for network operations.
- PROMPT_INJECTION (LOW): The skill implements an indirect prompt injection surface by interpolating user-controlled data into LLM prompts and displaying the output.
  1. Ingestion points: User queries captured from CLI arguments in `lookup.py` and the `query` parameter in `ResearchLookup.lookup`.
  2. Boundary markers: The query is wrapped in simple double quotes within the `_format_research_prompt` template, which is insufficient to prevent instruction override.
  3. Capability inventory: Network access via `requests.post` to external LLM providers through OpenRouter.
  4. Sanitization: There is no sanitization of the user-provided query nor any validation/filtering of the content retrieved from the external API before presentation.
Audit Metadata