NYC

deep-research-agent

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Overall Security (SAFE): No malicious patterns, prompt injections, or obfuscation techniques were identified within the skill documentation or the provided Python scripts.
  • Dependency Analysis (SAFE): The skill mentions common and trusted data analysis libraries (pandas, numpy, scikit-learn). No suspicious or unversioned external packages are required for installation.
  • Data Handling (SAFE): The code focuses on data structure manipulation and scoring metrics. There are no hardcoded credentials, sensitive file path accesses, or unauthorized network operations.
  • Code Execution (SAFE): The implementation avoids dangerous functions such as eval(), exec(), or subprocess spawning. The logic for synthesizing findings and generating reports uses standard string formatting and collection processing.
  • Indirect Prompt Injection (SAFE): Although the skill is designed to process data from external sources (academic databases, news APIs), the provided example code lacks exploitable capabilities (e.g., shell access or file-system writing) that could be leveraged if an attacker-controlled source were ingested.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:28 PM