research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): Skill instructions guide the agent to clone external git repositories and fetch web content for research.
- COMMAND_EXECUTION (SAFE): Uses the Bash tool for repository cloning and file cleanup, which are standard for the stated research purpose.
- PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection): The skill creates a surface for indirect prompt injection by ingesting untrusted data from URLs and git repositories. Evidence: 1. Ingestion points: WebFetch and git clone. 2. Boundary markers: None present. 3. Capability inventory: Bash, Task, Read, Grep. 4. Sanitization: None.
Audit Metadata