research-pipeline
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local Python scripts (scripts/snapshot_manifest.py and scripts/check_research_snapshots.py) to manage a research artifact cache. These scripts perform file system operations such as creating directories and writing snapshot files to a user-defined cache path (defaulting to ~/.cache/agent-research/snapshots).
- [EXTERNAL_DOWNLOADS]: Documentation references the use of various web fetching tools and techniques (e.g., defuddle, firecrawl, the Wayback Machine) to retrieve research sources. This behavior is integral to the skill's primary function of conducting multi-source research.
- [INDIRECT_PROMPT_INJECTION]: The pipeline is designed to ingest and verify data from external web sources. It explicitly identifies this as a risk surface and implements a 'Verification Funnel' (Stage 5) and an 'Adversarial Pass' (Stage 6) to mitigate potential misinformation or overreaching claims from these untrusted sources.
- Ingestion points: sys.stdin.read() in scripts/snapshot_manifest.py receives content extracted from external URLs.
- Boundary markers: Stage 5 instructions enforce 'verbatim substring' checks and 'token co-occurrence' windows to validate content against the original source.
- Capability inventory: Local file writing and directory creation are performed in scripts/snapshot_manifest.py and scripts/check_research_snapshots.py.
- Sanitization: While the scripts do not sanitize the HTML/markdown body, they use a content-addressed storage system (SHA256 hashes as filenames), which prevents path traversal or arbitrary file overwriting.
Audit Metadata