research-lookup
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill is designed to transmit user-provided research queries to the OpenRouter API (openrouter.ai). Although this is the primary functionality of the tool, the destination domain is not included in the trusted whitelist, representing a standard network exposure for external API interactions.
- [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection vulnerability surface.
  1. Ingestion points: Untrusted user input is ingested via command-line arguments (sys.argv) in lookup.py.
  2. Boundary markers: The format_response function in lookup.py does not implement delimiters or instructions for the agent to ignore potentially malicious content embedded in the research results.
  3. Capability inventory: The skill possesses the capability to perform external network operations and return data to the agent context.
  4. Sanitization: There is no sanitization or validation of the content returned by the OpenRouter API before it is formatted and displayed to the agent.
Audit Metadata