agent-exploration

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes WebFetch and WebSearch tools within its subagents to retrieve data from external web sources for research purposes.
  • [COMMAND_EXECUTION]: The parent agent is instructed to execute a local bootstrap script (scripts/install-explorer.sh) to install subagent definitions into the workspace (.claude/agents or .codex/agents) or the home directory.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the internet and local filesystem through its subagents.
  • Ingestion points: Data enters the agent context via the WebFetch, WebSearch, and Read tools used by the explorer subagent as defined in assets/explorer-agent.md and assets/explorer-agent.toml.
  • Boundary markers: The skill uses a structured seven-section markdown schema (assets/analysis-template.md) and a 'scoped-write' contract (references/dispatch-rules.md) to constrain subagent output.
  • Capability inventory: Subagents are permitted to perform a single Write operation, execute Bash (intended for read-only tasks like grep or wc), and make network requests.
  • Sanitization: There is no evidence of explicit sanitization or filtering of external content before it is processed by the LLM subagents.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 10:26 PM
Security Audit — agent-trust-hub — agent-exploration