deep-research

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)

Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest large amounts of untrusted data from the internet via WebSearch, mcp__web_reader__webReader, and the alpha CLI tool. This content (web pages, academic papers, and GitHub code) is processed by the main agent and sub-agents to generate reports. The instructions lack explicit boundary markers or sanitization logic to distinguish research data from control instructions, making the skill vulnerable to indirect prompt injection.
      • Ingestion points: references/pipeline.md, agents/researcher.md (via WebSearch, webReader, and the alpha CLI).
      • Boundary markers: None identified in the prompt templates for sub-agents.
      • Capability inventory: Bash (command execution), Agent (sub-agent spawning), mcp__Nowledge_Mem__memory_add (persistent storage).
      • Sanitization: None identified.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands from the alpha CLI (specifically alpha get and alpha code). These commands fetch and process external data such as research papers and repository content, based on URLs or IDs discovered during the research phase.
  • [EXTERNAL_DOWNLOADS]: The skill relies on an external utility, @companion-ai/alpha-hub, which is documented for installation via NPM. The alpha code command specifically downloads content from external GitHub repositories into the agent's environment for analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 01:58 PM