deep-article-research

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes untrusted article content from the web.
      • Ingestion points: Raw article text is fetched from external URLs provided by the user via the agent-browser or WebFetch tools in SKILL.md (Step 1).
      • Boundary markers: The prompts/deep-verification-prompt.md file uses <argument_extraction> XML-style tags to delimit untrusted content, which provides structural separation between data and instructions.
      • Capability inventory: The agent has access to Bash (to run the verification script), Write (to save reports), WebSearch, and WebFetch.
      • Sanitization: No explicit content sanitization or instruction-filtering is performed on the raw article text before it is analyzed by the LLM.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local Python script (scripts/gemini_deep_research.py) to perform its primary research function. The script is bundled with the skill and is invoked with controlled arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 10:06 AM