project-research
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill coordinates UX and technical research by reading local project metadata and using the web tools. It operates within the expected project directory structures and follows a logical workflow.
- [COMMAND_EXECUTION]: Although "Bash" is listed in allowed-tools, no shell commands are invoked in the SKILL.md logic; the orchestration is handled by spawning a specialized researcher agent.
- [EXTERNAL_DOWNLOADS]: "WebSearch" and "WebFetch" are utilized solely for data gathering as part of the primary research function. No remote code execution or suspicious external script downloads were identified.
- [DATA_EXFILTRATION]: While the skill accesses project context (BRIEF.md, config.json), this information is used internally by the agent to inform its research and is not sent to unauthorized external endpoints.
Audit Metadata