research
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `execFileSync` method to execute system commands for its core functionality.
  - Evidence: `scripts/core/providers.mjs` executes `curl` and `npx mcporter` to communicate with research providers.
  - Evidence: `scripts/core/providers.mjs` executes `node` to run a local `manus_client.mjs` script for asynchronous tasks.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from external research and grounding services.
  - Evidence: `scripts/core/providers.mjs` performs HTTP GET and POST requests to `api.search.brave.com` and `generativelanguage.googleapis.com` (Google Gemini).
  - Evidence: External data is retrieved via the `mcporter` tool from Tavily's search and extract APIs.
- [DATA_EXFILTRATION]: User-provided research goals and queries are transmitted to external service providers.
  - Evidence: Research queries are sent to Brave and Google APIs via `scripts/core/providers.mjs` to retrieve search results and grounding data.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted data from the internet.
  - Ingestion points: Untrusted web snippets are ingested into the evidence ledger in `scripts/core/retrieval.mjs`.
  - Boundary markers: The system uses a structured JSON ledger, but snippets from external URLs are presented to the agent as natural language content without explicit delimiters.
  - Capability inventory: The skill possesses command execution capabilities (via `curl` and `npx`) and network access.
  - Sanitization: There is no evidence of sanitization or instructions to ignore embedded commands within the retrieved web content before processing.
Audit Metadata