deep-research
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill's primary workflow involves collecting external evidence and processing it via subagents, which creates an attack surface for indirect prompt injection.
  - Ingestion points: Raw research findings collected by the deepresearch tool are stored in markdown files and then read by drafting subagents in Step 6. User-provided templates and external AI outputs are also processed as part of the report spec and merging steps.
  - Boundary markers: The implementation patterns for drafting subagents (Step 6) do not include delimiters or specific instructions to ignore embedded prompts within the evidence files.
  - Capability inventory: The skill utilizes the Task tool to spawn subagents and performs extensive file-system operations (reading and writing drafts) across the research and intermediate directories.
  - Sanitization: No sanitization or validation logic is specified for the external data before it is interpolated into the prompts for report generation.
- [NO_CODE]: The skill consists exclusively of markdown instructions and reference checklists. No executable scripts, binaries, or configuration files that trigger automated code execution were found.
Audit Metadata