research
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is instructed to execute a local shell script at `hack/spec_metadata.sh` to generate metadata for documentation. It also leverages system tools including `git` and `gh` (GitHub CLI) to retrieve branch, commit, and repository information.
- [EXTERNAL_DOWNLOADS]: If requested by the user, the skill invokes a `web-search-researcher` sub-agent to fetch data from external websites and resources.
- [PROMPT_INJECTION]: The skill processes untrusted data from the codebase and external web searches, creating an indirect prompt injection vulnerability.
  - Ingestion points: The skill reads user-specified files in their entirety and processes results from web searches.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent or its sub-agents to ignore or isolate instructions that may be embedded within the files or web content being researched.
  - Capability inventory: The skill has the ability to read arbitrary files, create directories, write documentation to the filesystem, and execute local scripts.
  - Sanitization: The skill lacks any description of sanitization or validation logic to filter content retrieved from the codebase or the internet before it is synthesized into research reports.
Audit Metadata