batch-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect prompt injection via the processing of external data sources. 1. Ingestion points: The skill reads a list of data sources from the file .opencode/REFERENCE.md. 2. Boundary markers: No explicit delimiters or boundary instructions are provided to the agent to distinguish between its core logic and the potentially untrusted data from the reference file. 3. Capability inventory: The skill has the capability to orchestrate external agent calls (researcher) and write to the local filesystem (logs/). 4. Sanitization: There is no evidence of URL validation or content sanitization before processing the entries.
- Dynamic Loading (SAFE): The skill imports a local utility module (.opencode/utils.mjs) for URL generation. This is standard modular coding practice and does not involve untrusted remote code or dynamic loading from computed paths.
- Command Execution (SAFE): The skill manages other agents but does not directly execute shell commands, system-level processes, or unauthorized network operations.
Audit Metadata