deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to interact with the system clipboard. It attempts to use `pbcopy`, `xclip`, `wl-copy`, or `clip.exe` depending on the host operating system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it incorporates content from local project files and user input into a prompt destined for another AI model.
  - Ingestion points: The skill reads local files such as `package.json`, `requirements.txt`, and `Cargo.toml` to gather project context.
  - Boundary markers: The generated prompt uses Markdown headers (`## Objective`, `## Context`) to structure the data, but it does not include explicit instructions for the receiving model to ignore instructions embedded within the provided context.
  - Capability inventory: The skill can read local files and execute system clipboard commands via the shell.
  - Sanitization: There is no evidence of sanitization or escaping of the content read from local files before it is interpolated into the final research prompt.
Audit Metadata