research
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes shell commands such as curl, cargo search, npm view, and pip index to retrieve package metadata. These are standard operations for a research tool but involve executing commands with parameters derived from external configuration files (prd.json).
- EXTERNAL_DOWNLOADS (LOW): The skill performs network requests to external registries like crates.io, npmjs.org, and pypi.org. Although these are reputable sources, they are not on the explicitly trusted whitelist provided in the safety guidelines.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and analyze untrusted external data.
- Ingestion points: Technical research involves reading third-party source code fetched into the .vendor/ directory and processing web search results via MCP tools.
- Boundary markers: Absent; there are no instructions to use delimiters or to treat the fetched source code/documentation as untrusted text.
- Capability inventory: The skill can execute local scripts (fetch-source.sh), run shell commands for package management, and write reports/knowledge base updates to the file system.
- Sanitization: Absent; the skill does not mention any validation or sanitization of the external content before analysis.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata