research-curator
Fail
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: CRITICALPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions that require the agent to treat process maps or Mermaid diagrams as 'authoritative' and 'executable'. This directive to 'not improvise, reorder, or skip steps' functions as a safety bypass, potentially forcing the agent to execute malicious logic if such diagrams are found in external data. This creates a significant surface for indirect prompt injection from researched websites.
- [EXTERNAL_DOWNLOADS]: The skill's reference documentation (
references/batch-mode.md) includes a hardcoded example URL (https://url3.com) that is blacklisted and flagged as malicious by security scanners. The core functionality involves fetching content from user-provided and automated sources, which poses a risk when interacting with such untrusted domains. - [COMMAND_EXECUTION]: The skill utilizes shell-based tool execution, including
uv runfor executing Python scripts (validate_research.py) and variousgitcommands for version control. These commands handle paths and parameters derived from user input, and the scripts themselves use dynamic loading (exec_module) to import libraries. - [DATA_EXFILTRATION]: The skill implements a workflow that concludes with
git push, providing a mechanism to transmit data from the local environment to a remote server. This capability increases the risk of exfiltrating sensitive information harvested during the research process if the agent's logic is hijacked.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata