research
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection, because its core requirement is to fetch and process live data from the internet.
  - Ingestion points: The skill is mandated to use internet search tools to retrieve the latest news and data for research (SKILL.md).
  - Boundary markers: Absent. No instructions or delimiters are provided to the model to distinguish its own system instructions from potentially malicious content retrieved from web sources.
  - Capability inventory: The skill can write files to the home directory (`~/temp_research_report.md`), execute shell commands via a Python script, and delete files (`rm`).
  - Sanitization: Absent. There is no mention of filtering or validating content retrieved from external search results before it is incorporated into the research report or processed by the agent.
- [COMMAND_EXECUTION]: The skill executes a shell command to interface with a local script for data persistence.
  - Evidence: `python ~/.claude/skills/notion-save-skill/scripts/save_to_notion.py --title "【研究】{标的} - {日期}" --file ~/temp_research_report.md`
  - Context: This command targets a script within the `notion-save-skill` directory, which appears to be a local dependency or a related vendor skill from the same environment.
Audit Metadata