researcher-hand-skill
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a shell command
python -c "import platform; print(platform.system())"during its initialization phase to detect the operating system environment. - [EXTERNAL_DOWNLOADS]: The agent uses the
web_fetchtool to retrieve content from external websites found during the research process. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to how it handles untrusted data.
- Ingestion points: Untrusted data enters the agent's context through the
web_fetchtool when reading web pages from search results. - Boundary markers: The instructions do not include explicit boundary markers or warnings to the agent to ignore instructions or malicious payloads embedded within the retrieved web content.
- Capability inventory: The skill has access to powerful tools including
shell_exec,file_write, andfile_readin the same execution context as the untrusted data processing. - Sanitization: There is no evidence of sanitization or filtering applied to the fetched content before it is processed by the agent for synthesis or reporting.
Audit Metadata