skills/lovstudio/skills/deep-research/Gen Agent Trust Hub

deep-research

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to facilitate its research workflow, including calling the search-cli tool for multi-provider web search, executing python scripts for report validation, and running pnpm run sync:research to publish generated reports to a local project directory. These commands are integral to the skill's primary functionality.
  • [PROMPT_INJECTION]: As the skill ingests and processes large amounts of untrusted data from the web, it possesses an inherent surface for indirect prompt injection. This is addressed in the reference/quality-gates.md file, which establishes a 'Source trust boundary' instructing the agent to treat external content strictly as data and never as instructions, significantly mitigating the risk.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external utilities for its operation, specifically search-cli and weasyprint. These tools are used for their intended purposes (search and PDF conversion) and are clearly identified in the installation documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 02:25 PM
Security Audit — agent-trust-hub — deep-research