deep-research-with-instructions
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and summarizing untrusted data from external websites.
- Ingestion points: External data enters the agent's context through tools such as `mcp__exa__web_search_exa`, `mcp__exa__crawling_exa`, `WebFetch`, and `mcp__plugin_context7_context7__query-docs` (as documented in `SOURCES.md`).
- Boundary markers: There are no specific boundary markers or instructions to ignore potential commands within the fetched content implemented in the research prompts.
- Capability inventory: The skill possesses capabilities including writing to local files (creating and updating state and findings in the `.plans/` directory and modifying `.gitignore`), prompting the user via `AskUserQuestion`, and delegating tasks to general-purpose sub-agents (referenced in `SKILL.md`).
- Sanitization: The instructions do not include steps to sanitize, escape, or validate external content before it is incorporated into findings or passed to sub-agents for summarization.
Audit Metadata