ark-research

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill uses git clone to fetch external repository content for analysis. While the example points to GitHub (a trusted source), the actual repositories are determined at runtime based on search results.
  • COMMAND_EXECUTION (LOW): The skill executes shell commands (git clone, cat, mkdir) to set up a research workspace and inspect files. These commands are standard for the stated purpose but involve interaction with untrusted external data.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8). It reads data from external websites and cloned repositories without implementing sanitization or boundary markers.
    1. Ingestion points: External content enters the agent context via web search results and file reads from cloned repositories.
    2. Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded within the research material.
    3. Capability inventory: The agent has the ability to execute shell commands and write to the local file system (./scratch/research).
    4. Sanitization: There is no logic provided to sanitize or escape the content retrieved from external sources before the agent processes it.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:27 PM