domain-research

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests a user-provided domain name and, if enabled, fetches external documentation. This untrusted data is processed by parallel research agents to identify subdomains and propose pipeline steps.
      • Ingestion points: User prompt (Domain name) and external URLs (via optional Agent 4 Reference Research).
      • Boundary markers: Absent. No specific delimiters or "ignore embedded instructions" warnings are defined for processing the research content produced by sub-agents.
      • Capability inventory: File system access (Read/Write), Bash execution, Grep/Glob, and Agent spawning across multiple phases.
      • Sanitization: Absent. The skill does not describe validation or filtering of the discovered content before it influences the generated Component Manifest and pipeline chains.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform file system operations.
      • Evidence: `mkdir -p /tmp/pipeline-{run-id}/phase-1-research` in Phase 1.
  • [EXTERNAL_DOWNLOADS]: The 'Reference Research' agent (Agent 4) can be configured to fetch external documentation and specifications from the web to identify domain concepts and validation rules.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 04:36 PM