software-research
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is designed to perform extensive web-based research, fetching data from technical documentation, RFC repositories, and vulnerability databases (e.g., GitHub, OSV, official documentation sites). This is a core feature for verifying software-related claims.
- [COMMAND_EXECUTION]: The skill leverages platform commands (e.g., open, xdg-open, or start) to open the final research report for the user. This is a standard delivery mechanism for user-requested deliverables created within the skill's specified output directory.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted content from the web (Ingestion points: Phase 1 and Phase 4 agent fetching). However, the skill implements significant mitigations (Sanitization/Mitigation: Multi-agent adversarial verification cross-checks citations against Tier 1 sources). The instructions explicitly require 'version-binding' and the use of 'normative' sources, and the capability inventory is focused on research and report generation.
Audit Metadata