meta-analysis
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands and external binaries (such as pandoc and R) to process data and generate research artifacts. These operations are consistent with the skill's primary purpose of synthesizing medical data and producing PRISMA-compliant manuscripts.
- [EXTERNAL_DOWNLOADS]: The workflow references standard external dependencies, including the python-docx Python library and specialized R statistical packages like mada, meta, metafor, and IPDfromKM. These are well-known tools in the medical research community and are used here to automate document formatting and statistical synthesis.
- [PROMPT_INJECTION]: The skill ingests untrusted external data from literature searches and data extraction forms, which presents a surface for indirect prompt injection. To mitigate this risk, the instructions explicitly require independent human verification of all AI-generated content and establish multiple reconciliation gates to ensure numerical and methodological fidelity against primary source documents.
Audit Metadata