deepthink

Fail

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes python3 -c to execute Python code that dynamically interpolates the user prompt (<USER_PROMPT_HERE>) into a single-quoted string literal. This pattern is vulnerable to command injection; if a user provides a prompt containing a single quote followed by malicious code, it could lead to arbitrary code execution within the agent's shell environment.
  • [DATA_EXFILTRATION]: The skill's instructions require access to sensitive local files, such as data/portfolio.csv and cash_balance.json, to perform its financial analysis. This data is read and subsequently shared with multiple third-party LLM APIs (GPT, Gemini, Grok), which creates a significant surface for the exposure of private financial information.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection through its autonomous research capabilities. It fetches data from uncontrolled external sources, including the live web (via Gemini Search) and social media (via Grok/X), which could contain adversarial instructions designed to hijack the agent's 'Evaluator-Optimizer' logic.
  • Ingestion points: External data enters the context through grok.search_x_sentiment, gemini.deep_research, and Google Search Grounding.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potential instructions embedded within the retrieved search results.
  • Capability inventory: The skill possesses high-privilege capabilities, including the ability to execute shell commands, read local files, and initiate network requests to multiple LLM providers.
  • Sanitization: The skill lacks mechanisms to sanitize or filter external content from web searches or social media before it is used to influence internal decision-making processes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 21, 2026, 06:20 AM
Security Audit — agent-trust-hub — deepthink