deep-research-pro

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. The skill fetches content from arbitrary external URLs discovered during search and processes it for synthesis into reports without boundary markers or instructions to ignore embedded commands.
  • Ingestion points: SKILL.md (Step 4 fetching search results via curl).
  • Boundary markers: Absent.
  • Capability inventory: File system access (mkdir, write to report.md) and session spawning (sessions_spawn).
  • Sanitization: Effectively absent (only simple HTML tag stripping is applied, which does not filter text instructions embedded in the fetched content).
  • [PROMPT_INJECTION]: Deceptive metadata and identity discrepancies. The skill is attributed to 'AstralSage' and 'paragshah' in metadata, but the installation instructions point to a different GitHub account 'parags'. Discrepancies in naming and identity can be a sign of deceptive metadata.
  • [COMMAND_EXECUTION]: Risk of command injection through shell interpolation. The skill constructs shell commands by interpolating sub-questions and URLs into double-quoted strings in SKILL.md (e.g., ddg "<keywords>" and curl -sL "<url>"). Bash still performs command substitution ($(...) and backticks) inside double quotes, so an interpolated string containing such shell metacharacters would be executed.
  • [EXTERNAL_DOWNLOADS]: Interaction with untrusted external servers. The skill uses curl to fetch the full text of websites identified by search results. While necessary for its research function, processing data from unknown remote sources carries inherent risks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 01:33 AM
Security Audit — agent-trust-hub — deep-research-pro