general-writing

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts including research.py and image_search.py within the .claude/skills directory to automate data collection and processing.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. (1) Ingestion points: It reads research.md which is generated from external web content. (2) Boundary markers: No explicit delimiters or instructions are used to prevent the agent from following commands that might be hidden in the research text. (3) Capability inventory: The skill has access to tools such as Bash, Write, and Read. (4) Sanitization: There is no process to sanitize or validate the content of research.md before it is processed by the AI.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 10:10 AM