research
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill mandates reading the sensitive configuration file at ${PAI_DIR}/.claude/skills/CORE/SKILL.md, which contains contact lists and ElevenLabs Voice IDs, exposing them to the agent context.
- [PROMPT_INJECTION] (HIGH): Mandatory Evidence Chain:
  1. Ingestion points: External web results gathered by up to 24 parallel research agents (perplexity, claude, gemini).
  2. Boundary markers: Absent; results are synthesized directly without isolation.
  3. Capability inventory: Access to sensitive personal data and file system write access in scratchpad and history directories.
  4. Sanitization: Absent. Malicious web content could trigger unauthorized actions or data leakage during the synthesis phase.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing an external slash command /conduct-research and the be-creative skill, creating a dependency on external logic that is not provided for review.
Recommendations
- AI detected serious security threats
Audit Metadata