independent-research

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)

Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill explicitly directs the agent to 'Test commands, syntax, and configurations' and 'Provide working examples (not theoretical ideas)' using the Bash tool. This encourages the execution of arbitrary shell commands within the agent's environment.
  • EXTERNAL_DOWNLOADS (LOW): The skill utilizes WebFetch and WebSearch to retrieve content from the internet. While these tools are standard for research, they serve as the primary entry point for untrusted data.
  • REMOTE_CODE_EXECUTION (MEDIUM): By combining web research with local execution (Bash), the skill creates a functional Remote Code Execution (RCE) vector. An attacker could poison documentation or search results with malicious commands that the agent, following its 'Research Protocol', might execute to 'validate' them.
  • PROMPT_INJECTION (LOW): The skill contains strong directives like 'Never ask questions you can answer yourself' and 'This violates your primary mission'. These instructions pressure the agent to act autonomously and bypass the safety check of 'asking the user' before performing potentially dangerous actions.
  • INDIRECT PROMPT INJECTION (LOW):
    ◦ Ingestion points: WebFetch, WebSearch.
    ◦ Boundary markers: Absent; there are no instructions to treat web content as untrusted or to sanitize it before execution.
    ◦ Capability inventory: Bash (command execution), WebFetch (network access), Read (file system access).
    ◦ Sanitization: Absent; the skill focuses on 'validating' that code works, not that it is safe.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 21, 2026, 01:21 PM