deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its data ingestion and processing pipeline.
  - Ingestion points: Untrusted data is ingested from external web sources via the `deepresearch` tool (Step 3) and stored in research files within the local directory.
  - Boundary markers: The instructions lack explicit boundary markers or delimiters (e.g., XML tags or unique tokens) to segregate ingested evidence from the agent's instructions during the multi-pass drafting and merging stages (Step 6 and Step 7).
  - Capability inventory: The skill utilizes a `Task` tool to spawn sub-agents and performs extensive file-system operations (writing intermediate drafts and merging content) which could be manipulated by malicious content embedded in the ingested data.
  - Sanitization: There is no evidence of automated sanitization or escaping of external content before it is interpolated into the drafting prompts for parallel sub-agents.
- [EXTERNAL_DOWNLOADS]: The skill utilizes a `deepresearch` tool to retrieve data from the internet. This is a legitimate and necessary function for a research-oriented skill, though it provides the primary channel for external data ingestion.