research-pipeline

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface because it is designed to ingest and synthesize findings from multiple research sub-agents (which may retrieve data from untrusted web or codebase sources).
      • Ingestion points: The skill reads all research/{topic}/raw-*.md files created by sub-agents during Phase 3 (SYNTHESIZE).
      • Boundary markers: No explicit security delimiters or 'ignore embedded instructions' warnings are used between the ingested raw data and the coordinator's synthesis logic; it relies on markdown header structure.
      • Capability inventory: The coordinator possesses the ability to execute Bash commands, Write to the local filesystem, and dispatch further Agent tasks.
      • Sanitization: There is no explicit sanitization of the content from the raw findings, though Phase 4 (VALIDATE) includes a manual 'Quality Assessment' step to identify bias and weak evidence.
  • [COMMAND_EXECUTION]: The skill uses shell commands to manage the research workspace.
      • Evidence: In Phase 1, it executes mkdir -p research/{topic}. While this is a standard directory management pattern, it relies on the agent to ensure the {topic} variable is properly sanitized to prevent shell metacharacter issues.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 05:55 AM