research

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (Command Execution)
Full Analysis
  • [Command Execution] (MEDIUM): The skill grants access to the Bash tool. While the instructions suggest using it for directory management (creating docs/research/), the permission is broad and allows for any shell command execution. This is a significant risk when the agent is also processing content from external, untrusted sources.
  • [Indirect Prompt Injection] (LOW): The skill lacks sanitization or boundary markers when processing data from searchGitHub and web_search_exa.
  • Ingestion points: External data enters via the mcp__mcp-router__searchGitHub and mcp__mcp-router__web_search_exa tools.
  • Boundary markers: Absent. There are no instructions to ignore embedded commands or treat search results as data-only.
  • Capability inventory: The agent has the power to run Bash commands and use the Write tool to modify the filesystem based on synthesized research findings.
  • Sanitization: Absent. The workflow directly synthesizes web results into actionable recommendations and files without filtering for potential injection patterns.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:14 PM