research-lookup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection because it processes untrusted data from external research sources without boundary markers.
  - Ingestion points: User queries from the command line in `lookup.py` and research results from the OpenRouter API in `scripts/research_lookup.py`.
  - Boundary markers: Absent. The prompt template in `_format_research_prompt` interpolates the query directly into instructions without delimiters or 'ignore embedded' warnings.
  - Capability inventory: Performs network requests (`requests.post`) and outputs results to stdout.
  - Sanitization: No validation or sanitization is performed on the content returned from the API before it is passed back to the agent context.
- [SAFE] (SAFE): Credentials are appropriately handled. The `OPENROUTER_API_KEY` is retrieved from environment variables rather than being hardcoded.
- [SAFE] (SAFE): No dangerous command execution, persistence mechanisms, or obfuscated code patterns were identified across the provided scripts.
Audit Metadata