deep-research
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is configured to read an API key from a hardcoded local file path at
/Users/lingzhi/Code/keys.md. Accessing generic files for credentials increases the risk of sensitive information exposure beyond the intended scope. - [EXTERNAL_DOWNLOADS]: The skill uses
urllib.requestinscripts/download_papers.pyto automatically download research papers from external academic repositories such as arXiv and Semantic Scholar. - [PROMPT_INJECTION]: The skill processes untrusted content extracted from downloaded PDFs, creating a surface for indirect prompt injection.
- Ingestion points: Text is extracted from PDF files downloaded from the internet using
scripts/extract_pdf.py. - Boundary markers: There are no explicit delimiters or instructions to the model to ignore potential malicious commands embedded within the paper text.
- Capability inventory: The skill has capabilities for network access (PDF downloads), file system access (reading and writing notes/reports), and local Python script execution.
- Sanitization: No filtering or sanitization of the extracted PDF text is performed before it is processed by the agent.
Audit Metadata