research-brief
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use a curl command to register the automation with the platform's backend. This operation uses environment variables provided by the agent's runtime environment to communicate with the vendor's own infrastructure.
- [DATA_EXFILTRATION]: The skill transmits the research prompt and schedule to the OPENHANDS_HOST. As this host is part of the vendor's official automation infrastructure, the data transfer is considered a standard operational requirement for the skill's stated purpose.
- [INDIRECT_PROMPT_INJECTION]: The skill summarizes content gathered from the web via the Tavily MCP. This creates a potential surface for indirect prompt injection if malicious instructions are encountered on external websites. However, this is an inherent risk for research-oriented tasks, and no evidence of targeted exploitation is present in the skill code.
Audit Metadata