research-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): Vulnerability to Indirect Prompt Injection (Category 8) identified. The skill ingests untrusted data from external websites via Firecrawl and Perplexity and synthesizes it into reports. \n
- Ingestion points: External data is ingested via
scripts/mcp/firecrawl_scrape.pyandscripts/mcp/perplexity_search.py. \n - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands in the scraped content. \n
- Capability inventory: The agent can execute shell commands via
uv runand write files to the local file system. \n - Sanitization: There is no evidence of sanitization or filtering of external content before processing. \n- Command Execution (SAFE): The skill uses
uv run pythonto execute local scripts (nia_docs.py,perplexity_search.py,firecrawl_scrape.py). This is a standard pattern for MCP tool integration and is considered safe in this context.
Audit Metadata