deepthink
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill utilizes strong imperative instructions ('IMMEDIATELY invoke', 'Do NOT explore or analyze first') in both SKILL.md and CLAUDE.md. These commands are designed to override the AI agent's standard behavior of inspecting tool/script contents before execution, which is a common technique used to hide malicious logic.
- [COMMAND_EXECUTION] (MEDIUM): The skill's primary function is to execute python3 -m skills.deepthink.think. Since the source code for this module is not provided within the skill files, its actual operations (file access, network activity, or subprocess spawning) cannot be verified.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process untrusted user input for 'open-ended analytical questions'.
  - Ingestion points: User questions are processed through a 14-step workflow described in README.md.
  - Boundary markers: None explicitly defined in the provided instructions.
  - Capability inventory: Uses python3 execution, which may have broad system access depending on the environment.
  - Sanitization: The README.md mentions 'Context Clarification (S2A)' to remove bias, which may act as a partial filter, but the effectiveness against adversarial injection is unknown.
Audit Metadata