deep-research

Warn

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/install.sh script is configured to clone an external GitHub repository from a non-vendor source (Weizhena/Deep-Research-skills) and copy its contents into the agent's local configuration directories (~/.claude/skills).
  • [REMOTE_CODE_EXECUTION]: In the report generation phase (references/report-pipeline.md), the skill instructs the agent to dynamically write a Python script named generate_report.py and subsequently execute it. This script's logic and data processing depend on content collected from external web sources during earlier research phases.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute installation steps, resolve script paths dynamically using shell pipelines (e.g., ls | head -n1 in references/deep-pipeline.md), and run the validator and report generation scripts.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to its core function of ingesting and processing untrusted data from the internet.
  • Ingestion points: references/web-search-pipeline.md (Web search results from diverse sources)
  • Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted data or to use delimiters.
  • Capability inventory: Bash, WebSearch, WebFetch, Task
  • Sanitization: Absent; the skill does not define methods for sanitizing or escaping data retrieved from the web before it is used to generate the research report or the execution script.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 04:49 AM
Security Audit — agent-trust-hub — deep-research