deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it is designed to autonomously search and synthesize information from the web. Evidence Chain:
  (1) Ingestion points: Unfiltered web content and search results are processed by the Gemini model via scripts/research.py.
  (2) Boundary markers: No explicit delimiters or 'ignore instructions' guards are documented for the ingested data.
  (3) Capability inventory: The skill performs extensive network searches and generates detailed textual reports based on that data.
  (4) Sanitization: There is no evidence of sanitization or filtering of the retrieved web content before it is processed by the LLM.
- External Downloads (LOW): The requirements.txt file specifies the installation of standard libraries (httpx, python-dotenv). While these are trustworthy packages from PyPI, the skill is authored by an untrusted source, necessitating verification of the associated scripts (though the scripts themselves were not provided in the source files).
Audit Metadata