deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Finding: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external, untrusted websites to generate research reports. Instructions embedded in those websites could influence the agent's final analysis.
- Ingestion points: External URLs are fetched via web_search and crawled using AsyncWebCrawler as described in the implementation example.
- Boundary markers: Absent. The crawled content is concatenated into a context string without explicit delimiters or instructions to the LLM to ignore embedded commands.
- Capability inventory: The skill performs network operations through the web_search tool and the crawl4ai library.
- Sanitization: While the skill uses PruningContentFilter for noise reduction, it does not perform security-focused sanitization to prevent adversarial instructions from affecting the LLM's synthesis phase.
Audit Metadata