foundry-research
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via its 'deep-research' workflow, which is designed to fetch and synthesize data from external web sources. This presents a risk where malicious instructions embedded in those sources could influence agent behavior.
  - Ingestion points: External web content fetched by parallel topic researchers (referenced in references/deep-research-workflow.md).
  - Boundary markers: The skill does not explicitly document the use of delimiters or 'ignore embedded instructions' warnings for external content.
  - Capability inventory: The skill possesses the ability to execute research nodes via 'node-execute' and manage persistent research sessions.
  - Sanitization: The workflow involves synthesis and compression, but no explicit sanitization of prompt-like content from retrieved data is mentioned.
- [COMMAND_EXECUTION]: The MCP contract includes a 'node-execute' action used to run 'research nodes' within the specified research framework. While this provides a dynamic execution surface, it appears limited to tasks defined by the research specification using internal identifiers (spec_id and research_node_id).
Audit Metadata