deep-research
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill's core purpose is to ingest untrusted data from the web using tools like WebSearch and WebFetch. This creates an inherent attack surface where malicious instructions embedded in web pages (e.g., in HTML comments or hidden text) could attempt to influence the agent's behavior.
  - Ingestion points: WebSearch, WebFetch, and external URLs referenced in the research process.
  - Boundary markers: The skill lacks explicit instructions for the agent to ignore or delimit embedded instructions within the fetched content.
  - Capability inventory: The skill uses WebSearch, WebFetch, and Task (Explore agent). While it does not show direct file-write or system-level execution capabilities in this markdown file, the use of a multi-step investigation agent (Task) increases the risk that an injection could persist across steps.
  - Sanitization: No sanitization or filtering logic is defined for the content retrieved from external sources.
Audit Metadata