deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a set of guidelines and templates for technical research, with no executable code or malicious instructions.
- [COMMAND_EXECUTION]: The skill documentation describes using
grep_searchto identify patterns, configurations, and existing implementations within the project's codebase. This is a standard and intended operation for understanding project conventions and does not involve executing arbitrary system commands. - [EXTERNAL_DOWNLOADS]: The skill references numerous external websites for research purposes via
web/fetch. All listed domains, such as GitHub, NPM, official framework documentation (Next.js, React, Node.js), and security databases (CVE, OWASP), are recognized as trusted or well-known technology services. - [PROMPT_INJECTION]: The skill defines a process for fetching external content, creating an indirect prompt injection surface. This is mitigated by the structured research protocol which requires source validation and cross-referencing.
- Ingestion points: External content fetched via
web/fetchcalls (SKILL.md Phase 2.2). - Boundary markers: The research report template (assets/research-report.md) uses markdown headers and blocks to segregate findings.
- Capability inventory: The skill utilizes
web/fetchfor network access andgrep_searchfor local file system read access (SKILL.md Phase 2.1). - Sanitization: The methodology mandates a 'Source Quality Checklist' (SKILL.md Phase 2.3) and a 'Cross-Reference Matrix' (SKILL.md Phase 3.1) to validate the accuracy and safety of gathered information.
Audit Metadata