research
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from web searches and research tools and writes this data to the local filesystem. * Ingestion points: Web search results and sub-agent research tools (SKILL.md). * Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are included. * Capability inventory: Filesystem write access to 'C:\Users\Sarfraz\OneDrive\Documents\AI-Generated-Researches'. * Sanitization: Absent; the skill does not specify validation or filtering of external content.
- [COMMAND_EXECUTION]: The skill invokes the 'Gemini CLI' and performs local filesystem operations to store research findings.
Audit Metadata