deepthink
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manifest requests access to the Bash tool. While the provided instructions do not contain specific malicious shell commands, the availability of this tool to an agent processing untrusted data provides a high-impact attack surface.
- [EXTERNAL_DOWNLOADS]: The skill uses WebSearch and WebFetch to retrieve information from the public internet during the Market Research and Gap Research phases. This data is treated as context for subsequent analysis steps.
- [DATA_EXFILTRATION]: The skill reads local configuration files (specifically other skill definitions in .claude/skills/) and user-provided research targets. This information is then processed by agents that have the capability to make network requests, creating a potential path for data leakage if the agent is compromised.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from the web and feeds it directly into prompts for sub-agents without sanitization.
  - Ingestion points: Untrusted data enters via WebSearch and WebFetch in Phase 1 (Market Research) and Phase 4 (Gap Research).
  - Boundary markers: The instructions do not define delimiters or provide 'ignore embedded instructions' warnings when passing fetched web content to the sub-analysts.
  - Capability inventory: The pipeline uses tools with high privilege, including Bash for command execution, Write/Edit for file system modification, and Agent for spawning sub-tasks.
  - Sanitization: No sanitization, filtering, or validation is performed on the content retrieved from the web before it is interpolated into the prompts for the research agents.
Audit Metadata