research-synthesis

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of data from untrusted external sources through tools like mcp__Exa__web_search_exa, WebSearch, and WebFetch, creating a risk for indirect prompt injection where malicious instructions in web content could influence agent behavior.
      • Ingestion points: External data is fetched from the internet via Exa and WebFetch tools specified in SKILL.md.
      • Boundary markers: There are no explicit instructions for the agent to use delimiters or to ignore instructions embedded within the research results.
      • Capability inventory: The skill possesses powerful file system capabilities (Read, Write, Glob, Grep) and can invoke other creator skills, providing a potential path for impact if an injection occurs.
      • Sanitization: The research protocol does not include steps for sanitizing or validating external content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The SKILL.md file contains JavaScript snippets (Step 0: Internal Memory Lookup) that use require() to load modules from local paths like .claude/lib/memory/internal-rag.cjs and .claude/lib/utils/context-pressure.cjs. This represents a pattern of dynamic logic loading and execution within the agent's context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 02:04 PM