deep-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external web sources, which introduces a surface for indirect prompt injection.
  - Ingestion points: External websites, official documentation, and community forums are crawled during Phase 2.
  - Boundary markers: The skill requires structured output files but does not specify the use of delimiters to segregate untrusted external content from internal instructions.
  - Capability inventory: The agent can write files to user-defined paths and execute system commands via `bash` for statistical analysis.
  - Sanitization: There is no explicit requirement for the agent to sanitize or filter retrieved content before it is processed.
- [DYNAMIC_EXECUTION]: The methodology suggests using `bash` tools to perform statistical analysis on research data. This dynamic command execution is constrained to the primary purpose of technical research.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network requests to collect research data from authoritative sources. This behavior is documented as a core function of the skill and targets reputable information repositories.