Research
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill mandates the use of a binary located at `~/.claude/bin/research` via Bash. This binary is not part of the skill's own files, meaning its source code and safety cannot be verified. Execution of arbitrary binaries outside of standard system paths is a high-risk pattern.
- [CREDENTIALS_UNSAFE] (MEDIUM): The documentation explicitly points the agent to `~/.claude/.env` and identifies it as the storage location for `PERPLEXITY_API_KEY` and `GOOGLE_API_KEY`. Providing an agent with the specific path to secrets files increases the risk of those credentials being leaked or exfiltrated by the CLI tool or through subsequent injections.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it ingests and synthesizes research data from external sources without providing sanitization or boundary markers.
  - Ingestion points: Output from the `research` CLI tool (Perplexity, Gemini, Claude results).
  - Boundary markers: Absent (the synthesis instructions do not specify delimiters for external data).
  - Capability inventory: The skill has access to the Bash tool to execute commands.
  - Sanitization: Absent (there are no instructions to escape or validate the external data before synthesis).
Recommendations
- AI detected serious security threats
Audit Metadata