deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing external dependencies via a requirements.txt file and references a repository on GitHub (github.com/sanjay3290/ai-skills) that is not part of the trusted vendors list.\n- [COMMAND_EXECUTION]: The skill instructions rely on the execution of local scripts (scripts/research.py) with various flags. The logic within these scripts is not defined in the skill metadata and could perform arbitrary operations.\n- [CREDENTIALS_UNSAFE]: The documentation guides users to manage a GEMINI_API_KEY through environment variables or a .env file, which can lead to the accidental exposure of sensitive credentials.\n- [PROMPT_INJECTION]: The skill's metadata contains a self-asserted 'risk: safe' claim. This is a form of metadata poisoning intended to influence safety evaluations and bypass scrutiny.\n- [DATA_EXFILTRATION]: The skill is designed to synthesize information from external search results, which presents an indirect prompt injection surface. Malicious content in the researched web pages could attempt to manipulate the agent.\n
- Ingestion points: External web content retrieved and processed by scripts/research.py.\n
- Boundary markers: No explicit markers or instructions to ignore embedded commands are specified in the documentation.\n
- Capability inventory: Subprocess execution via local scripts and network access via the httpx library.\n
- Sanitization: No data sanitization or filtering mechanisms are described for the ingested external research content.
Audit Metadata