research-protocol

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a standard development and research protocol with no detected malicious behaviors. It adheres to best practices by restricting file system access and prohibiting source code modification.
  • [COMMAND_EXECUTION]: Employs standard project management tools including cargo and gh. These operations are used for their intended purposes (checking for updates, security advisories, and managing repository issues).
  • [DATA_EXFILTRATION]: There is no evidence of data exfiltration. Information is retrieved from the local project and public registries, and output is directed to the project's own GitHub repository.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external research data and dependency metadata. However, this is mitigated by instructions requiring the agent to perform independent assessments, check for duplicates, and use structured templates before taking action based on external input.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 05:55 PM
Security Audit — agent-trust-hub — research-protocol