deep-research

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
PROMPT_INJECTION · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core data-processing logic.
      • Ingestion points: Data enters the agent's context through WebFetch (external URLs) and the Read tool (local codebase files) as described in the 'Steps' section of SKILL.md.
      • Boundary markers: The instructions do not define delimiters or explicit warnings for the agent to disregard potential instructions embedded within the retrieved research data.
      • Capability inventory: The skill has access to powerful tools including Bash (shell access), Write (filesystem modification), and multiple memory storage tools (mcp__claude-flow__memory_store).
      • Sanitization: There is no requirement or mechanism mentioned to sanitize or validate the content fetched from external sources before it is used to influence further steps or stored in memory.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands such as grep and find for codebase analysis.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations using WebSearch and WebFetch to retrieve content from external domains during the research process.
  • [NO_CODE]: No external scripts, binaries, or executable files are included with this skill; it relies entirely on instructions and existing tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 01:23 PM
Security Audit — agent-trust-hub — deep-research