ai-research-lit
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from external sources.
- Ingestion points: External content is retrieved via parameters such as
materialUrl,materialFile, andmaterialTextas defined inreferences/form-schema.json. - Boundary markers: There are no explicit instructions or delimiters provided in the skill files to segregate untrusted content or warn the agent to ignore embedded instructions within the materials.
- Capability inventory: The skill utilizes
scripts/run.pyto transmit user-provided data and metadata to a remote API (ai-skills.ai) for processing. - Sanitization: No input sanitization or validation logic is present in the local scripts to filter or escape potentially malicious instructions embedded in the external materials.
Audit Metadata