comprehensive-research-agent
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified due to processing of untrusted external content combined with file writing capabilities. Evidence: (1) Ingestion points: search, read_url, and fetch tools in SKILL.md. (2) Boundary markers: No explicit markers or ignore-instructions for external content. (3) Capability inventory: write and save tools for managing research notes. (4) Sanitization: No filtering or validation of external text performed.
- [EXTERNAL_DOWNLOADS]: Skill instructions involve fetching data from external URLs as a primary function for research gathering.
- [COMMAND_EXECUTION]: Uses local file system operations to read and write research notes, emphasizing content verification with read_file.
Audit Metadata