research-planning
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill only accesses its own local reference files within the skill directory. No access to sensitive system paths (~/.ssh, ~/.aws) or environment variables was detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not perform any package installations or remote script downloads. While it lists packages like 'torch' and 'numpy' in its output schemas, these are intended for the user's research implementation and are not executed by the agent.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data in the form of research descriptions or paper content.
- Ingestion points:
$0(Research topic) and{research_description}placeholders. - Boundary markers: Absent in the interpolation templates.
- Capability inventory: Limited to generating structured text, JSON, and Mermaid diagrams. No file-writing or subprocess capabilities are present in this skill.
- Sanitization: None detected. However, because the skill has no 'write' or 'exec' capabilities, the risk of an indirect injection causing system harm is negligible.
- [Obfuscation] (SAFE): No Base64, zero-width characters, or hex encoding were found in the skill files.
Audit Metadata