deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests access to the Bash tool, allowing the execution of arbitrary shell commands on the local system during the research process.
- [DATA_EXFILTRATION]: The skill configuration pairs local filesystem access (Read, Grep, Glob) with outbound network capabilities (WebFetch, WebSearch), creating a risk of data exfiltration if the agent is manipulated into reading sensitive local files and transmitting their content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources and user arguments without security delimiters.
  - Ingestion points: External data is ingested through the $ARGUMENTS variable and output from WebFetch or WebSearch operations.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are provided to the agent.
  - Capability inventory: The agent has access to powerful tools including Bash, filesystem reading, and network web-fetching.
  - Sanitization: No input sanitization, escaping, or validation logic is implemented for the data being researched.
Audit Metadata