research-lookup
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The core functional logic file
research_lookup.pyis missing from the provided code. This file is critical as it likely handles network connections and the construction of API requests. Its absence prevents verification of safe data handling and potential hidden behaviors. - [DATA_EXFILTRATION] (LOW): The skill transmits user queries to the OpenRouter API. While this is the intended functionality, users should be aware that their research queries are shared with a third-party service.
- [INDIRECT_PROMPT_INJECTION] (LOW): The tool ingests and displays untrusted data from external web searches.
- Ingestion points:
lookup.pyprocesses and printsresult['response']andresult['sources']which contain content retrieved from the internet. - Boundary markers: Not present in the analyzed scripts; the wrapper does not use delimiters to isolate external content.
- Capability inventory: The provided scripts are limited to displaying output to the terminal (stdout).
- Sanitization: No sanitization or filtering of the external search results is performed before display.
- [CREDENTIALS_UNSAFE] (INFO): The script uses an environment variable (
OPENROUTER_API_KEY) for authentication, which is a standard security practice to avoid hardcoding secrets.
Audit Metadata