define-variables
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external, untrusted data which creates a surface for indirect prompt injection.\n
- Ingestion points: The agent reads data dictionaries (xlsx, csv, markdown) and results from lit-search tools into its context.\n
- Boundary markers: No specific delimiters or instructions to ignore embedded commands within external data are provided.\n
- Capability inventory: The skill has access to Bash, Write, and Edit tools.\n
- Sanitization: There is no mention of sanitizing external data before it is processed.\n- [COMMAND_EXECUTION]: The skill instructs the agent to run a local script (check_dictionary_citations.py) via the Bash tool as a validation step.
Audit Metadata