research-integration
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill generates a standalone Python script (test-api.py) based on research findings derived from untrusted external documentation and vendor repositories. It also performs a syntax check on the generated file using the python3 compiler, which executes the script logic at a basic level.\n- [EXTERNAL_DOWNLOADS]: The skill instructs subagents to clone git repositories and install software packages using pip or npm from external sources to analyze vendor-specific SDKs and schema definitions during the research process.\n- [COMMAND_EXECUTION]: Research subagents are authorized to execute Python analysis scripts against raw data artifacts, and the orchestrator executes shell commands to verify generated code and manage directory structures.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and synthesizing data from arbitrary documentation URLs, vendor portals, and code repositories.\n
- Ingestion points: Documentation URLs, git repositories, and SDK packages fetched during subagent research tasks (Phase 2).\n
- Boundary markers: The skill does not provide instructions to use delimiters or ignore-embedded-instruction warnings when subagents process external documentation.\n
- Capability inventory: Subagents can perform network fetches, clone repos, install packages, and execute Python scripts, which can be leveraged if a subagent is influenced by malicious instructions in a processed document.\n
- Sanitization: While the skill advises anonymizing sample data (IPs, names), it lacks generic sanitization or validation for the content of fetched documentation.
Audit Metadata