deep-research
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill dynamically constructs shell commands such as `mkdir -p "{output_dir}/{主题名}/images"` and `pandoc "{主题名}调研报告.md"` using topic names derived from external research or user prompts. If these variables contain shell metacharacters like `;`, `&`, or `|`, they could be exploited for command injection into the underlying environment.
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes `webfetch` and search tools to ingest data from untrusted internet sources. While this is the intended functionality for a research tool, it creates a significant entry point for untrusted content.
- Indirect Prompt Injection (LOW):
  - Ingestion points: External URLs and search result content ingested via `webfetch` and search tools.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are provided to the agent when processing untrusted data.
  - Capability inventory: The skill possesses file system modification (`mkdir`), file writing (`pandoc` output), and local script execution capabilities.
  - Sanitization: No explicit input validation or escaping for shell variables (like topic names) is documented in the instruction set.
Audit Metadata