research-refine-pipeline

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to utilize Bash for file writing (using cat << 'EOF') if the standard Write tool encounters errors. It explicitly instructs the agent to do this silently without seeking user permission. This behavior grants the agent autonomous shell access to the file system.
  • [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection due to its processing of external web data.
      • Ingestion points: Data is pulled from the internet using WebSearch and WebFetch as specified in SKILL.md.
      • Boundary markers: The instructions lack markers or warnings to the agent to treat fetched content as untrusted or to ignore embedded instructions.
      • Capability inventory: The skill possesses significant capabilities, including Bash execution, file modification, and the ability to spawn other agents.
      • Sanitization: No validation or sanitization of the fetched external data is performed before it is used in subsequent logic or file operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 08:16 PM