Skills
skills/youmind-openlab/skills/youmind-deep-research/Gen Agent Trust Hub

youmind-deep-research

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the official '@youmind-ai/cli' package from the npm registry to enable research capabilities.
  • [COMMAND_EXECUTION]: Executes the 'youmind' CLI for API interaction and utilizes 'node' to parse and structure research data locally.
  • [PROMPT_INJECTION]: Summarizes research results retrieved from external web sources through the YouMind API, which is an inherent surface for indirect prompt injection in research-oriented skills.
  • Ingestion points: Fetches research message history via 'youmind call listMessages' (SKILL.md).
  • Boundary markers: Relies on the agent's internal logic for summarization without explicit content delimiters.
  • Capability inventory: Shell command execution and Node.js-based JSON processing.
  • Sanitization: Employs 'JSON.parse' within a scripted block to extract structured data fields before summarization.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 03:39 AM