atk-ux-research
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The script
scripts/atk_research.pyutilizessubprocess.run(shell=True)to execute system commands likecurl. While the inputs are currently mitigated by strictargparsechoices, the use ofshell=Trueis a risky pattern that could lead to command injection if the input surface is expanded. - [EXTERNAL_DOWNLOADS] (LOW): The skill performs network requests to non-whitelisted domains including Reddit, BBB, and Trustpilot. This is consistent with the skill's primary purpose of gathering external user feedback.
- [PROMPT_INJECTION] (LOW): The skill exhibits an Indirect Prompt Injection surface (Category 8). It ingests untrusted text from public forums and review sites and interpolates it into reports.
- Ingestion points: Reddit JSON API, Firecrawl scrapes, and Exa search results.
- Boundary markers: Absent; untrusted content is placed directly into markdown files without delimiters like
<external_content>or instructions to the agent to ignore embedded commands. - Capability inventory: The skill can write files to the local filesystem and execute shell commands.
- Sanitization: Content is not sanitized or filtered for prompt injection patterns before being processed or saved.
Audit Metadata