Skill: skills/wyattowalsh/agents/research (Gen Agent Trust Hub audit)

research

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses !uv run python skills/research/scripts/research-scanner.py "$ARGUMENTS" in the Wave 0: Triage section of SKILL.md. This dynamic context injection pattern passes raw user-supplied arguments to a shell command. If a user provides arguments containing shell metacharacters (e.g., ;, $(...), or backticks), it could result in arbitrary command execution on the host system at skill load time.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection (Category 8). It is designed to ingest large amounts of untrusted data from web searches and document extraction tools (web-researcher, content-extractor). While the skill implements a complex 'Wave' pipeline involving cross-validation (Wave 3), devil's advocate subagents (self-verification.md), and bias detection (bias-detection.md) to verify claims, the high capabilities of the agent (file writes, network access) make this an area of concern.
  • [COMMAND_EXECUTION]: The scripts/verify.py script executes shell commands using subprocess.run to check the status of the repository. Although it uses list-style arguments (avoiding shell=True) and hardcoded commands (git status, git rev-parse), the execution of external binaries should be monitored for unexpected behavior.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 30, 2026, 11:26 AM