skills/poemswe/co-researcher/research/Gen Agent Trust Hub

research

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute a shell command (mkdir) to create a directory structure for research outputs. While the specific command is non-malicious, the use of shell execution expands the attack surface if the agent is compromised via injection.
  • [PROMPT_INJECTION] (MEDIUM): Vulnerable to Indirect Prompt Injection (Category 8) due to its core functionality of ingesting and processing untrusted external data.
      • Ingestion points: Research material retrieved by the literature-reviewer agent and content processed by other specialized agents (SKILL.md).
      • Boundary markers: Absent. There are no instructions to delimit untrusted research data or to ignore embedded instructions within that data.
      • Capability inventory: Local file system write access (Write tool) and directory creation (mkdir via Bash).
      • Sanitization: None. External content is saved directly to the local filesystem in markdown format, which could be used to store malicious payloads or influence subsequent agent steps.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 04:29 AM