Skills
skills/terrylica/cc-skills/gemini-deep-research/Gen Agent Trust Hub

gemini-deep-research

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of local TypeScript scripts (e.g., scripts/research.ts) using the npx tsx and bun run runners. These scripts are used to automate browser interactions and monitor research progress.
  • [EXTERNAL_DOWNLOADS]: Documentation recommends the installation of the playwright-core package from the standard NPM registry to enable browser automation capabilities.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes large-scale research reports generated by an external AI service (Gemini).
  • Ingestion points: Research reports and plan text extracted from gemini.google.com via browser automation.
  • Boundary markers: None identified in the provided documentation to delimit external content from agent instructions.
  • Capability inventory: The agent is granted tools for Bash execution, file reading (Read), writing (Write), and searching (Glob, Grep).
  • Sanitization: No sanitization or validation logic is mentioned for the content retrieved from the browser sessions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 09:52 AM