deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core function of processing untrusted web data.
- Ingestion points: Untrusted content is ingested from external websites via web_fetch and Playwright, as well as social media data from the TikHub API.
- Boundary markers: The instructions lack explicit boundary markers or directives to the agent to ignore instructions embedded within the retrieved data.
- Capability inventory: The skill can launch new subagents via the Task tool and execute further web searches or API calls.
- Sanitization: External data is not sanitized for instructional patterns before being used in the synthesis or delegation process.
- [EXTERNAL_DOWNLOADS]: The skill is configured to perform network operations to retrieve information from the web and the TikHub API as part of its intended research purpose.
Audit Metadata