deep-research
Warn
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/install.shscript is configured to clone an external GitHub repository from a non-vendor source (Weizhena/Deep-Research-skills) and copy its contents into the agent's local configuration directories (~/.claude/skills). - [REMOTE_CODE_EXECUTION]: In the report generation phase (
references/report-pipeline.md), the skill instructs the agent to dynamically write a Python script namedgenerate_report.pyand subsequently execute it. This script's logic and data processing depend on content collected from external web sources during earlier research phases. - [COMMAND_EXECUTION]: The skill makes extensive use of the
Bashtool to execute installation steps, resolve script paths dynamically using shell pipelines (e.g.,ls | head -n1inreferences/deep-pipeline.md), and run the validator and report generation scripts. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to its core function of ingesting and processing untrusted data from the internet.
- Ingestion points:
references/web-search-pipeline.md(Web search results from diverse sources) - Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted data or to use delimiters.
- Capability inventory:
Bash,WebSearch,WebFetch,Task - Sanitization: Absent; the skill does not define methods for sanitizing or escaping data retrieved from the web before it is used to generate the research report or the execution script.
Audit Metadata