deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts such as 'validate_report.py' and 'md_to_html.py' to ensure report quality and perform file conversions. It also uses shell commands like 'mkdir' to organize research outputs and 'open' to display finished reports to the user.
- [EXTERNAL_DOWNLOADS]: To perform its primary function, the skill uses the 'WebSearch' and 'WebFetch' tools to collect data from the internet. Additionally, the 'verify_citations.py' script makes network requests to external DOI resolvers and third-party URLs to validate research sources.
- [PROMPT_INJECTION]: The system instructions include an 'Autonomy Principle' that directs the agent to proceed with research tasks without waiting for user approval. This design is intended to streamline the multi-phase workflow but represents an instruction-based override of standard user-confirmation patterns.
Audit Metadata