research-fleet
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches raw documentation and configuration from GitHub (raw.githubusercontent.com), which is recognized as a trusted and well-known source, to avoid performance issues with rendered web pages.
- [COMMAND_EXECUTION]: Utilizes an internal orchestration protocol called "Fleet wave mechanics" to spawn and manage parallel sub-agents (scouts) in isolated worktrees for research tasks.
- [PROMPT_INJECTION]: The skill maintains an indirect prompt injection surface because it processes and summarizes content retrieved from external web sources. \n
- Ingestion points: The "COMPRESS" step (Step 3) reads research findings generated by scout agents using web search and fetch tools. \n
- Boundary markers: No specific delimiters or instructions are used to isolate untrusted web content from the core research brief or final report instructions. \n
- Capability inventory: Orchestrates the lifecycle of sub-agents, writes to local project directories (.planning/research/), and records logs to telemetry files. \n
- Sanitization: No explicit content validation, sanitization, or escaping of web-sourced data is performed before the synthesis and reporting stages.
Audit Metadata