research-idea

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python scripts (init_workspace.py) to execute shell commands via subprocess.run. These operations are limited to detecting project metadata using git (config, branch, and remote info). The arguments are either hardcoded or strictly sanitized using a dedicated sanitize function that removes unsafe characters and enforces alphanumeric naming conventions.
  • [PROMPT_INJECTION]: The skill processes untrusted external data such as research papers, experimental results, and URLs. This creates a surface for indirect prompt injection. However, the skill implements isolation strategies by instructing the agent to extract only summaries and structured facts into a hidden workspace (.research-idea/) and provides specific prompts for downstream review agents to limit their context to these processed summaries.
  • [SAFE]: The skill adheres to best practices for local data management. It defines a hidden workspace for all intermediate artifacts, preventing clutter and accidental exposure of draft data. The validate_report.py script further ensures that the final output does not leak internal paths or manifest data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 02:37 PM
Security Audit — agent-trust-hub — research-idea