health
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill accepts user-provided research topics, focus areas, and specific questions which are subsequently interpolated into the prompts for specialized research agents.
- Ingestion points: User input is captured in the
gather_topicstep ofworkflows/investigate.md. - Boundary markers: The orchestrator in
workflows/orchestrate.mduses structural XML-like tags (e.g.,<objective>,<context>,<evidence_requirements>) to delimit user-supplied content from system instructions. - Capability inventory: The skill has access to
Bash(for directory and file management),Write/Edit(for creating requests and research summaries), and theTasktool (for spawning sub-agents). - Sanitization: The workflow implements a mandatory "Conversational Refinement" process that requires the user to explicitly confirm the interpreted research plan via
ask_userbefore any files are generated or agents are spawned. - [COMMAND_EXECUTION]: The skill uses the
Bashtool for operational tasks such as directory creation, generating unique identifiers viauuidgen, and performing file integrity checks (e.g.,grepfor disclaimers). The skill includes explicit self-imposed restrictions that block destructive commands, privilege escalation (sudo), and unauthorized file system access outside of designated.research/and.requests/directories.
Audit Metadata