deep-research
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing a local Python script
scripts/deep_research.pywith various subcommands (start,poll,result, etc.). These commands incorporate user-supplied research themes as arguments, which is a standard pattern for this type of tool. - [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install the
openaiandgoogle-genaiPython packages from standard registries. These are official libraries for the referenced well-known services. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks. It retrieves data from external web sources via the research APIs and saves this content to markdown files (e.g., in
docs/research/). If the agent later reads or processes these research reports, malicious instructions embedded in the external web content could potentially influence the agent's behavior. - Ingestion points: Research results fetched from OpenAI/Google APIs via
python scripts/deep_research.py result. - Boundary markers: Not explicitly defined in the provided instructions for output processing.
- Capability inventory: The skill performs file writes to the local filesystem (
docs/research/) and requires network access to communicate with API providers. - Sanitization: No specific sanitization or filtering of the retrieved research content is mentioned in the documentation.
Audit Metadata