deep-research
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it is designed to ingest and process untrusted data from the internet during its research phase. Malicious instructions on researched web pages could potentially influence the agent's output.
  - Ingestion points: Web content retrieved through Gemini Deep Research queries.
  - Boundary markers: No delimiters or specific 'ignore instructions' markers are defined in the skill documentation.
  - Capability inventory: Execution of local Python scripts to handle research logic.
  - Sanitization: No sanitization or filtering logic is specified for the ingested data.
- [COMMAND_EXECUTION]: The skill documentation references and executes a local file, scripts/research.py. Since the code for this script is not included in the skill package for review, its internal operations (such as file handling or network behavior) cannot be fully verified against security best practices.
Audit Metadata