beary
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's primary function in `skills/internet-research/SKILL.md` is to conduct extensive internet research, fetching content from web pages, academic journals, and technical documentation to generate notes.
- [COMMAND_EXECUTION]: The skill executes a local shell script (`scripts/is-beary-summon.sh`) to normalize user input and detect the activation keyword in the initial prompt.
- [PROMPT_INJECTION]: The research workflow is vulnerable to indirect prompt injection (Category 8) due to the ingestion of untrusted external data.
  - Ingestion points: Research data is collected from arbitrary URLs via the `internet-research` skill and stored in `beary-scratchpad/` for synthesis.
  - Boundary markers: The skill does not utilize explicit delimiters or 'ignore' instructions when interpolating gathered research into prompts for whitepaper writing.
  - Capability inventory: The agent has permissions to access the internet, execute local scripts, and perform file-system modifications (`edit_file`).
  - Sanitization: No evidence of sanitization, filtering, or validation of the content retrieved from the internet was found before it is processed by the agent.
Audit Metadata