deep-research
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs recursive searches across the user's local
~/Documentsdirectory using keywords. This pattern can lead to the accidental exposure of sensitive project details, configuration files, or personal information if the search criteria overlap with private data. - Evidence: Commands such as
find ~/Documents -maxdepth 2 -name "CLAUDE.md" -exec grep -l "KEYWORD" {} \;andgrep -rl "KEYWORD" ~/Documents/basalt-cortex/are used to scan local files. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and summarize untrusted content from the web and local files without safety delimiters.
- Ingestion points: Local project files (e.g.,
CLAUDE.md,ARCHITECTURE.md) and external web sources including blogs, product changelogs, and community forums (Reddit, Hacker News). - Boundary markers: Absent. The skill does not provide instructions to the agent to distinguish between its primary instructions and potential instructions embedded within the researched data.
- Capability inventory: Shell operations (
ls,find,grep) and web research capabilities defined inSKILL.md. - Sanitization: Absent. Content from external sources is synthesized directly into a final research brief.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to explore the local environment and search for relevant project documentation. These commands are executed based on user-provided keywords and interact directly with the local filesystem.
- Evidence:
ls ~/Documents/ | grep -i "KEYWORD"and the variousfindutility calls in the 'Local Exploration' section.
Audit Metadata