research-lookup
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as intended without malicious patterns. It correctly uses environment variables for secret management and identifies specific research-related APIs for its core functionality.\n- [EXTERNAL_DOWNLOADS]: The skill communicates with the Parallel and OpenRouter APIs to retrieve search and research data. These interactions are core to the skill's functionality and use well-known service endpoints.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and stores data from external research APIs.\n
- Ingestion points: research_lookup.py (API responses from Parallel and OpenRouter)\n
- Boundary markers: Absent (content is output directly to console or file)\n
- Capability inventory: Bash (allowed in frontmatter), Write (to sources/ directory)\n
- Sanitization: Absent (retrieved text is processed via regex for citations but not sanitized for instructions)\n This risk is a documented functional characteristic of tools processing external web-sourced information and does not indicate malicious intent by the author.
Audit Metadata