agent-exploration
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
WebFetchandWebSearchtools within its subagents to retrieve data from external web sources for research purposes. - [COMMAND_EXECUTION]: The parent agent is instructed to execute a local bootstrap script (
scripts/install-explorer.sh) to install subagent definitions into the workspace (.claude/agentsor.codex/agents) or the home directory. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the internet and local filesystem through its subagents.
- Ingestion points: Data enters the agent context via the
WebFetch,WebSearch, andReadtools used by theexplorersubagent as defined inassets/explorer-agent.mdandassets/explorer-agent.toml. - Boundary markers: The skill uses a structured seven-section markdown schema (
assets/analysis-template.md) and a 'scoped-write' contract (references/dispatch-rules.md) to constrain subagent output. - Capability inventory: Subagents are permitted to perform a single
Writeoperation, executeBash(intended for read-only tasks likegreporwc), and make network requests. - Sanitization: There is no evidence of explicit sanitization or filtering of external content before it is processed by the LLM subagents.
Audit Metadata