research-skill
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from web searches and writes it to the local workspace, which could allow malicious instructions in search results to influence the agent.
- Ingestion points: External content from web searches and the local goal.md file.
- Boundary markers: Absent; there are no instructions to the agent to disregard or delimit embedded commands within the search results.
- Capability inventory: Local file system write access to workspace/research.md.
- Sanitization: Absent; retrieved content is summarized and structured without explicit filtering or escaping.
Audit Metadata