deep-research

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs recursive searches across the user's local ~/Documents directory using keywords. This pattern can lead to the accidental exposure of sensitive project details, configuration files, or personal information if the search criteria overlap with private data.
  • Evidence: Commands such as find ~/Documents -maxdepth 2 -name "CLAUDE.md" -exec grep -l "KEYWORD" {} \; and grep -rl "KEYWORD" ~/Documents/basalt-cortex/ are used to scan local files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and summarize untrusted content from the web and local files without safety delimiters.
  • Ingestion points: Local project files (e.g., CLAUDE.md, ARCHITECTURE.md) and external web sources including blogs, product changelogs, and community forums (Reddit, Hacker News).
  • Boundary markers: Absent. The skill does not provide instructions to the agent to distinguish between its primary instructions and potential instructions embedded within the researched data.
  • Capability inventory: Shell operations (ls, find, grep) and web research capabilities defined in SKILL.md.
  • Sanitization: Absent. Content from external sources is synthesized directly into a final research brief.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to explore the local environment and search for relevant project documentation. These commands are executed based on user-provided keywords and interact directly with the local filesystem.
  • Evidence: ls ~/Documents/ | grep -i "KEYWORD" and the various find utility calls in the 'Local Exploration' section.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 06:24 AM
Security Audit — agent-trust-hub — deep-research