rdd-research

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content retrieved from external sources.
      ◦ Ingestion points: Data enters the system via the WebSearch, WebFetch, and /lit-review capabilities.
      ◦ Boundary markers: No explicit delimiters or boundary instructions are provided to the agent to treat external content as untrusted or to ignore embedded instructions.
      ◦ Capability inventory: The agent has access to Bash, Write, Edit, and Task tools, which could be exploited if malicious instructions are successfully injected via fetched content.
      ◦ Sanitization: There is no mechanism described for sanitizing, validating, or escaping data fetched from the web before it is incorporated into research logs or essays.
  • [COMMAND_EXECUTION]: The skill involves the execution of shell commands and code.
      ◦ Technical Spikes: The agent generates and executes arbitrary code within a scratch directory (./scratch/spike-<name>/) to answer technical questions.
      ◦ File Operations: The process includes using rm -rf to delete spike directories and mv commands to archive research logs.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external networks and repositories.
      ◦ Web Data: Utilizes WebSearch and WebFetch to gather research material.
      ◦ Vendor Repository: Documentation in the skill references cloning a community library from the author's GitHub repository (github.com/mrilikecoding/llm-orchestra-library).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 12:16 PM