deep-research

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the web using web_search and web_fetch tools, which creates an indirect prompt injection surface where external content could attempt to influence the agent's logic. This risk is mitigated by an architecture where the lead agent only processes distilled notes from subagents rather than raw search context, and through a mandatory 'Counter-Review' phase (P6) that validates claims against multiple independent sources.
  • [DATA_EXFILTRATION]: The skill handles user-provided exclusive sources, such as paid APIs and proprietary databases (e.g., Crunchbase Pro), for research. It includes a 'Source Accessibility Policy' in references/source_accessibility_policy.md specifically designed to prevent 'Circular Verification'—the accidental exposure of user-owned private account data back to the user under the guise of research findings. While the skill manages sensitive user-provided tokens, these operations are guided by explicit privacy and verification boundaries.
  • [COMMAND_EXECUTION]: The orchestration of research tasks involves the generation and execution of shell commands to dispatch subagents (e.g., claude -p ...), as documented in references/subagent_prompt.md. This mechanism is used to parallelize research tasks and manage output files within the local workspace environment, representing a legitimate use of local command execution for agentic coordination.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 07:15 AM
Security Audit — agent-trust-hub — deep-research