deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a potential surface for indirect prompt injection by ingesting and processing untrusted data from the public internet.\n
- Ingestion points: External web content and search results are retrieved via web-reading and browser automation tools (SKILL.md, Step 3).\n
- Boundary markers: The researcher sub-agent prompts lack explicit delimiters or safety instructions to distinguish between retrieved content and system instructions.\n
- Capability inventory: The skill maintains access to the
Tasktool (for spawning sub-agents), theWritetool (for report saving), and theBashtool (for directory creation).\n - Sanitization: No documented sanitization process exists for the HTML or text content of the researched sites to prevent the agent from executing instructions found in the data.\n- [EXTERNAL_DOWNLOADS]: The skill performs network operations required for its research functionality.\n
- Uses Brave Search, Perplexity, and Playwright tools to download data from external domains.\n
- References the author's official GitHub repository
github.com/mikeng-io/agent-skillsfor component installation, which is a trusted vendor resource.\n- [COMMAND_EXECUTION]: The skill uses localized shell commands for environment management.\n - Employs
Bashwith themkdircommand to create the necessary output directory structure for research reports.
Audit Metadata