NYC

core-researcher

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
      • Ingestion points: The skill ingests untrusted data from external sources via WebSearch and WebFetch, and from local files using Read and Grep.
      • Boundary markers: No specific delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' warnings are implemented to separate external data from the agent's core instructions.
      • Capability inventory: The agent has access to the Bash tool, WebFetch, and file system access tools (Read, Glob), which could be abused if the agent is manipulated by injected text.
      • Sanitization: No sanitization or validation of retrieved content is shown before the data is processed by the LLM.
  • [COMMAND_EXECUTION] (LOW): Potential Shell Injection in Lifecycle Hooks.
      • The pre hook runs the shell command 'echo "🔍 Research agent investigating: $TASK"'. If the $TASK variable contains shell metacharacters or command substitution patterns (such as '$(...)'), it may result in unintended command execution, depending on how the host environment handles hook execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:26 PM