gemini-deepresearch

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted external data into LLM prompts. Maliciously crafted research topics, outlines, or file content could attempt to override the research agent's instructions.
      • Ingestion points: Research topics, outline markdown files, and local data directories specified in SKILL.md.
      • Boundary markers: Absent. Input variables are concatenated directly into the prompts for the Gemini API and CLI.
      • Capability inventory: Local file reading and network uploads to Google Cloud (scripts/deep_research.py), and shell command execution (scripts/lite_research.sh).
      • Sanitization: Absent. External content is used as-is in the research prompts.
  • [COMMAND_EXECUTION]: The skill executes its own internal Python and Bash scripts to orchestrate the research workflow.
      • Evidence: SKILL.md calls scripts/deep_research.py and scripts/lite_research.sh. The shell script invokes the gemini CLI tool with the --yolo flag to permit non-interactive prompt execution.
  • [EXTERNAL_DOWNLOADS]: The skill depends on official packages and tools from a trusted vendor.
      • Evidence: requirements.txt requires google-genai and python-dotenv. SKILL.md references the official Google gemini-cli GitHub repository. These sources are considered trusted and the downloads are documented neutrally.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 05:33 AM