research
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) as it is designed to ingest and process untrusted content from the internet via WebSearch and WebFetch tools.
  - Ingestion points: External data enters the agent context through search results and page content fetched during Step 2 of the research protocol.
  - Boundary markers: The protocol does not explicitly define markers or instructions to isolate or ignore embedded instructions within retrieved web content.
  - Capability inventory: The skill can write findings to the local filesystem (specifically .planning/research/) and read local codebase files using Grep, Glob, and Read (as a fallback mechanism).
  - Sanitization: There is no evidence of sanitization or filtering applied to external content before it is summarized or recorded.
- [DATA_EXFILTRATION]: While the skill can read local files and perform web operations, its protocol is strictly defined as an investigative tool that produces local research documents. No evidence of unauthorized data transfer was found.
Audit Metadata