ai-research-lit

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from external sources.
  • Ingestion points: External content is retrieved via parameters such as materialUrl, materialFile, and materialText as defined in references/form-schema.json.
  • Boundary markers: There are no explicit instructions or delimiters provided in the skill files to segregate untrusted content or warn the agent to ignore embedded instructions within the materials.
  • Capability inventory: The skill utilizes scripts/run.py to transmit user-provided data and metadata to a remote API (ai-skills.ai) for processing.
  • Sanitization: No input sanitization or validation logic is present in the local scripts to filter or escape potentially malicious instructions embedded in the external materials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-research-lit