deep-research

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/deep-research.ts invokes the mosquitto_pub and mosquitto_sub system commands via Bun.spawn. This is the intended mechanism for communicating with the required browser proxy extension via a local MQTT broker.
  • [PROMPT_INJECTION]: The skill accepts user-defined research topics as input, which are then passed to the Gemini model. The script has no explicit boundary markers or input sanitization logic, which leaves a standard attack surface for indirect prompt injection: malicious instructions embedded in the research topic could influence the model's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 12:45 AM