learn
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill gathers primary sources by fetching content from external URLs during the 'Collect' phase. It utilizes native environment tools, including WebFetch and curl, to download papers, blog posts, and repository content.
- [COMMAND_EXECUTION]: In Phase 1, the skill uses the curl command as a fallback mechanism to fetch content from the web when specialized reading tools are unavailable.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted research materials from the internet.
  - Ingestion points: Research materials are collected in Phase 1 via search plugins, native web search, WebFetch, or curl (documented in SKILL.md).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between the skill's operational instructions and the potentially adversarial content within the fetched documents.
  - Capability inventory: The skill can execute shell commands (curl) and perform file system writes (saving fetched content to ~/Downloads/ as markdown files).
  - Sanitization: There is no evidence of content sanitization or validation of the remote data before it is passed to the 'Digest' and 'Outline' phases.
Audit Metadata