research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes a local shell script (research.sh) to perform file system operations. This is its primary function but involves execution of unvetted local logic.
- [PROMPT_INJECTION] (LOW): The instructions use high-pressure language ('CRITICAL', 'NEVER', 'failure') to mandate specific agent behavior, which is a pattern associated with attempts to override safety guardrails.
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the context via the import <file> command in SKILL.md.
  - Boundary markers: No delimiters or 'ignore' instructions are present to prevent the agent from obeying instructions embedded in imported files.
  - Capability inventory: The skill allows file creation, moving, listing, and archival via the research.sh script.
  - Sanitization: No sanitization or validation of the imported file's content is performed before the agent processes it for 'compact formatting'.