research
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill includes a 'MANDATORY TRIGGER' section that instructs the agent to always invoke this skill when the user mentions 'research' in any form, attempting to override standard agent routing and behavior.
- [COMMAND_EXECUTION]: SKILL.md mandates the immediate execution of a curl command to http://localhost:8888/notify upon invocation to send a voice notification. This is an unprompted background network request executed without specific user intent for that command.
- [COMMAND_EXECUTION]: Multiple workflows (Enhance.md, ExtractAlpha.md, YoutubeExtraction.md) rely on executing shell commands and external CLI tools such as fabric, curl, and ls to process data and verify the file system state.
- [DATA_EXFILTRATION]: The mandatory notification curl command sends data about the skill's current action and workflow name to a local network port (8888), which could potentially be intercepted or used to interact with other local services.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and scrape content from across the web using various tools, including built-in web search, BrightData MCP, and Apify MCP. It also includes a protocol to use curl for verifying the status of external URLs.
- [COMMAND_EXECUTION]: The skill frequently accesses internal application directories, such as ~/.claude/PAI/SKILL.md, ~/.claude/MEMORY/STATE/, and ~/.claude/History/, to load global context, manage research iterations, and store findings.
Audit Metadata