research
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as its primary function involves processing untrusted external data.
  - Ingestion points: Untrusted content is ingested via the `WebFetch` tool in the `retrieve.md`, `web-scraping.md`, and `extract-knowledge.md` workflows, as well as via `yt-dlp` transcript extraction in `youtube-extraction.md`.
  - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within its synthesis prompts.
  - Capability inventory: The skill possesses significant capabilities, including orchestrating subagents via the `Task` tool, performing web searches, and executing shell commands.
  - Sanitization: No content sanitization or validation mechanisms were observed in the workflow definitions.
- [COMMAND_EXECUTION]: The skill facilitates the execution of system-level commands and local scripts.
  - Evidence: The `youtube-extraction.md` workflow explicitly uses the `yt-dlp` CLI tool. Additionally, the Bun scripts `workflows/claude-research.ts` and `workflows/perplexity-research.ts` import the `child_process.exec` module, indicating a design that supports shell command execution.
Audit Metadata