deep-research

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute local Python scripts.
  • In research-deep/SKILL.md, it executes a validation script python ~/.claude/skills/research/validate_json.py to check the integrity of JSON results.
  • In research-report/SKILL.md, it executes a generated script python {topic}/generate_report.py to compile the final report.
  • [REMOTE_CODE_EXECUTION]: The skill generates code at runtime and executes it, a pattern that becomes a code-execution vector as soon as anything attacker-influenced reaches the generator.
  • The /research-report command is designed to generate a Python script (generate_report.py) at runtime from the research results and then immediately execute it. It is used here only for data aggregation, but if text from search results or user input is interpolated into the script's source without sanitization, whoever controls that text controls the generated code, which then runs with the user's local privileges. The robust fix is to keep the script fixed and hand it the results as data (for example, by having it load the results JSON file) rather than emitting result text into the source.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core task is ingesting untrusted web content.
  • Ingestion points: Untrusted data enters the system through the WebSearch tool used by the web-search-agent to crawl various websites (Reddit, GitHub, technical forums, etc.).
  • Capability inventory: The skill has Write access to create files and scripts and Bash access to execute them, so a successful injection can escalate from steering the report's content to running commands on the host.
  • Sanitization: No sanitization or filtering is mentioned for content retrieved from web searches before it is written to the results JSON files and subsequently processed by scripts and reporting agents.
  • Boundary markers: The prompts use structured headers, but they do not include explicit instructions to ignore embedded commands within the searched content. Such instructions are at best a partial mitigation; they do not replace keeping retrieved content out of executed code and constraining what the Write and Bash tools are allowed to do.
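The following is an added illustration of the REMOTE_CODE_EXECUTION finding and of the missing sanitization step; it is example code written for this audit, not the skill's own generate_report.py or validate_json.py. It assumes a hypothetical results shape of {"title": str, "score": int} and uses a constructed hostile title. The unsafe generator interpolates result text into Python source, and an AST walk shows that a crafted title adds an os.system call to the generated script. The safe path keeps the script fixed, validates the results' shape, and passes them in as a JSON file, so the same hostile title round-trips as plain data.

```python
"""Added example: runtime-generated report scripts, unsafe vs. safe.
Not the audited skill's code; results shape and hostile input are assumed."""
import ast
import json
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed sample results, as they might appear in a results JSON file
# after a web search. Titles are page text, i.e. attacker-controlled.
BENIGN_RESULT = {"title": "Rust async runtimes compared", "score": 4}
HOSTILE_RESULT = {
    # Closes the string and tuple, runs a command, then reopens the syntax
    # so the generated line still parses.
    "title": "x', 0)); import os; os.system('id'); summary.append(('y",
    "score": 4,
}


def generate_report_unsafe(results):
    """Vulnerable pattern: result text is pasted into Python source."""
    lines = ["summary = []"]
    for r in results:
        lines.append(f"summary.append(('{r['title']}', {r['score']}))")
    lines.append("print(summary)")
    return "\n".join(lines)


def called_names(source):
    """Dotted name of every call expression in a script, via the AST.
    Used here only to inspect generated code without executing it."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            names.add(ast.unparse(node.func))
    return names


def validate_results(results):
    """Shape check on the results JSON before any script touches it.
    This keeps data typed as data; it does not remove instructions aimed
    at the model, which the agent layer must handle separately."""
    if not isinstance(results, list):
        raise ValueError("results must be a list")
    for r in results:
        if not isinstance(r, dict) or set(r) != {"title", "score"}:
            raise ValueError("unexpected result shape")
        if not isinstance(r["title"], str) or not isinstance(r["score"], int):
            raise ValueError("unexpected field type")
    return results


# Safe pattern: the script never changes; it loads the results as JSON.
SAFE_TEMPLATE = '''\
import json, sys
with open(sys.argv[1], encoding="utf-8") as f:
    results = json.load(f)
summary = [(r["title"], r["score"]) for r in results]
print(json.dumps(summary))
'''


def run_report_safe(results):
    """Write the fixed script and the validated results side by side,
    run the script with the results path as its argument, and return the
    parsed summary. Hostile titles come back as strings, never as code."""
    validate_results(results)
    with tempfile.TemporaryDirectory() as d:
        script = Path(d) / "generate_report.py"
        data = Path(d) / "results.json"
        script.write_text(SAFE_TEMPLATE, encoding="utf-8")
        data.write_text(json.dumps(results), encoding="utf-8")
        proc = subprocess.run(
            [sys.executable, str(script), str(data)],
            capture_output=True, text=True, check=True,
        )
        return json.loads(proc.stdout)


if __name__ == "__main__":
    print("unsafe, benign :", called_names(generate_report_unsafe([BENIGN_RESULT])))
    print("unsafe, hostile:", called_names(generate_report_unsafe([HOSTILE_RESULT])))
    print("safe, hostile  :", run_report_safe([HOSTILE_RESULT]))
```

The AST check is an inspection aid for the example, not a sanitizer: an allowlist on call names can be bypassed and is no substitute for never putting untrusted text into source. The structural fix is the one the safe path shows, a script whose text is constant and whose inputs arrive through a file or arguments.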
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 19, 2026, 10:47 AM
Security Audit — agent-trust-hub — deep-research