run-research
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and process untrusted content from various internet sources, including community forums and blogs. This could lead the agent to follow malicious instructions embedded in web pages.
- Ingestion points: Web search snippets and scraped page content retrieved from Reddit, blogs, and other public sites (SKILL.md, references/tools.md).
- Boundary markers: The skill requires the agent to separate direct evidence from inference and maintain a clear source ledger (references/synthesis.md).
- Capability inventory: The agent can execute web searches, scrape content, use the curl CLI tool, and spawn subagents for parallel processing (references/tools.md, references/orchestrator.md).
- Sanitization: Instructions mandate the use of verbatim quotes for factual claims and the verification of information against primary sources like official documentation (references/synthesis.md).
- [COMMAND_EXECUTION]: The skill instructions specify that if built-in web search and fetch tools fail, the agent should fall back to using the
curlcommand-line utility to retrieve content and then parse it manually. - [DATA_EXFILTRATION]: The skill performs network operations to fetch data from the open web and community platforms like Reddit. While these operations are necessary for the skill's primary function, they involve connections to non-whitelisted domains, which could be used to transmit data externally.
Audit Metadata