deep-research-pro

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README.md file instructs users to clone a repository from an unverified GitHub account (https://github.com/parags/deep-research-pro.git) and execute a script (scripts/research) that automatically downloads and installs dependencies from the internet using the uv package manager.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as described in SKILL.md. It fetches full-page content from arbitrary URLs via web_fetch and synthesizes this data without using boundary markers or specific instructions to ignore embedded malicious content.
      • Ingestion points: Content retrieved via web_fetch in Step 4 of the workflow.
      • Boundary markers: None identified in the workflow instructions.
      • Capability inventory: File system writes to the ~/research/ directory and the ability to spawn subagents using sessions_spawn.
      • Sanitization: No sanitization or validation of the fetched web content is performed before processing.
  • [COMMAND_EXECUTION]: The documentation encourages the execution of a local script (scripts/research) that performs complex tasks including environment management and multi-query execution, which represents a risk if the externally sourced script contains malicious logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 05:28 PM