deep-research
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of several internal Python scripts (
research_engine.py,validate_report.py,verify_citations.py,md_to_html.py,verify_html.py) to manage research states, validate report quality, and handle document format conversions. These scripts use only Python standard library modules. - [EXTERNAL_DOWNLOADS]: The skill gatherers data from a wide range of external online sources using platform-integrated search tools like
WebSearchandExa. It explicitly targets academic repositories (e.g., ArXiv), technical documentation (e.g., MDN, AWS), and reputable news organizations. - [PROMPT_INJECTION]: The skill instructions employ an 'Autonomy Principle' and detailed directives (e.g., 'Word Precision Audit') to guide the agent toward independent, assertive execution of research tasks. While these instructions override standard conversational boundaries to ensure professional output, they are aligned with the skill's primary research purpose.
- [DYNAMIC_EXECUTION]: To overcome output token limits, the skill implements a recursive agent spawning system. It dynamically generates complex prompts to initialize continuation agents through the platform's 'Task' tool, passing state information (themes, citations, narrative arc) between sessions.
- [DATA_EXFILTRATION]: The skill stores comprehensive research data, including raw findings, synthesized insights, and metadata, in a local directory (
~/.claude/research_output/). There is no evidence of these local data stores being transmitted to unauthorized external domains.
Audit Metadata