rabbit-hole
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Python script (
scripts/validate_sources.py) to validate citations by checking if local files exist or by performing HTTP HEAD requests to external URLs. This is part of the research synthesis phase and operates in a read-only manner. - [EXTERNAL_DOWNLOADS]: The skill performs HTTP HEAD/GET requests during the validation phase to verify the availability of cited URLs. These requests are restricted to validating the presence of the resource and use standard library functions.
- [REMOTE_CODE_EXECUTION]: The orchestration protocol involves launching sub-agents (scouts and investigators) to perform research tasks. These agents use standard tools like WebSearch and Read, following the agent's native capabilities without introducing external execution vectors.
- [DATA_EXFILTRATION]: The skill processes research data and findings. While it interacts with external URLs for research and validation, there is no evidence of sensitive data access or exfiltration patterns. The skill is explicitly described as read-only.
Audit Metadata