review-paper
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface\n
- Ingestion points: The skill accepts user-provided research topics, format preferences, and descriptions of prior/adjacent reviews (SKILL.md Step 0, skill.yml inputs).\n
- Boundary markers: Absent; user input and referenced literature content are interpolated into manuscript scaffolds without delimiters or warnings to ignore embedded instructions.\n
- Capability inventory: The skill uses
Bash,Write,Edit, andGlobtools to create and modify manuscript files on the local system.\n - Sanitization: There is no documented validation or sanitization of the input provided by the user or extracted from research sources before it is processed by the agent.
Audit Metadata