deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to retrieve and synthesize data from across the web, which constitutes an ingestion point for untrusted content.
  1. Ingestion points: External web data fetched during the 'Retrieve' phase.
  2. Boundary markers: No specific delimiters or safety instructions were found in the provided scripts to prevent the LLM from obeying instructions embedded in the retrieved text.
  3. Capability inventory: The skill can write files and, according to the README, spawn new agent tasks via recursive chaining.
  4. Sanitization: The utility scripts transform markdown but do not sanitize content against adversarial prompts hidden in source material.
- [Dynamic Execution] (LOW): The documentation refers to a recursive agent spawning system for long reports. While a legitimate feature for overcoming context limits, recursive task creation can lead to extended execution chains if the agent's instructions are compromised by malicious external data.
- [General Security] (SAFE): The provided Python utility scripts (citation_manager.py, source_evaluator.py, md_to_html.py, verify_html.py) are well-structured, use standard libraries, and contain no malicious logic, hardcoded secrets, or unauthorized network operations.
Audit Metadata