deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on untrusted external data sources.
- Ingestion points: External data is fetched from Exa search tools (mcp__exa__web_search_exa, mcp__exa__get_code_context_exa), YouTube transcriptions (yt-transcribe), and general web searches.
- Boundary markers: The skill documentation lacks explicit boundary markers or instructions for the agent to ignore potentially malicious embedded content within the research findings before they are processed by synthesis agents.
- Capability inventory: The system can write research findings and reports to the local file system (scratchpad) and coordinate multiple sub-agents, which increases the potential surface area for an indirect injection to influence the final output or agent behavior.
- Sanitization: No sanitization or verification process for the content of the retrieved findings is described before the data is written to files or used as input for the synthesizer agent.
Audit Metadata