deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary purpose is to fetch and synthesize data from the web, which constitutes an attack surface for indirect prompt injection.\n
- Ingestion points: External web search results and source content extracted from the internet by the Gemini API.\n
- Boundary markers: None specified. There are no documented instructions or delimiters to prevent the model from interpreting and executing commands embedded within the fetched research results.\n
- Capability inventory: The skill uses a CLI script to perform network operations (via httpx) and manage local cache files.\n
- Sanitization: No evidence of sanitization or filtering for the retrieved research results is provided.\n- No Code (SAFE): The main execution script (scripts/research.py) referenced in the README and SKILL files was not included in the provided file list. While the metadata and configuration appear legitimate, the actual runtime logic could not be audited.
Audit Metadata