research-idea
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python scripts (
init_workspace.py) to execute shell commands viasubprocess.run. These operations are limited to detecting project metadata usinggit(config, branch, and remote info). The arguments are either hardcoded or strictly sanitized using a dedicatedsanitizefunction that removes unsafe characters and enforces alphanumeric naming conventions. - [PROMPT_INJECTION]: The skill processes untrusted external data such as research papers, experimental results, and URLs. This creates a surface for indirect prompt injection. However, the skill implements isolation strategies by instructing the agent to extract only summaries and structured facts into a hidden workspace (
.research-idea/) and provides specific prompts for downstream review agents to limit their context to these processed summaries. - [SAFE]: The skill adheres to best practices for local data management. It defines a hidden workspace for all intermediate artifacts, preventing clutter and accidental exposure of draft data. The
validate_report.pyscript further ensures that the final output does not leak internal paths or manifest data.
Audit Metadata