research-question-validator

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands to modify its environment, specifically by installing a global library (npm install -g docx) and executing a dynamically generated Node.js script via the bash_tool to produce the final document.
  • [EXTERNAL_DOWNLOADS]: The skill fetches resources from external platforms, including the installation of software packages from the public npm registry and providing links for users to download assets from GitHub repositories.
  • [REMOTE_CODE_EXECUTION]: The skill generates executable code at runtime that incorporates content fetched from an external search API. This pattern creates a risk where malicious data within search results (such as paper titles or abstracts) could potentially break script syntax or introduce unauthorized logic during the execution phase.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from an external search engine to synthesize novelty assessments and generate reports. The instructions lack explicit sanitization or boundary markers to ensure that instructions embedded within the search results do not manipulate the agent's behavior or the generated output.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 03:10 PM
Security Audit — agent-trust-hub — research-question-validator