academic-research
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is susceptible to indirect prompt injection because it ingests and synthesizes untrusted content from the web and academic databases. Ingestion points: Untrusted data enters the agent context through search result snippets and the classify-url tool in scripts/research_agent.py. Boundary markers: No markers or 'ignore' instructions are provided to the model to delineate untrusted external content. Capability inventory: The skill performs network searches and generates structured research reports, which could be subverted by malicious content. Sanitization: No filtering or sanitization of retrieved content is described.
- COMMAND_EXECUTION (LOW): The skill executes a local Python script, scripts/research_agent.py, to perform query generation and URL classification. While typical for skill functionality, it provides an execution path for logic processing potentially untrusted data.
Audit Metadata