self-review
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute specific Python scripts located in the local workspace or home directory (`verify_refs.py` and `check_xref.py`) to perform automated audits of bibliography and cross-references.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted external manuscripts and has high-privilege capabilities such as file editing and command execution.
  - Ingestion points: SKILL.md (Phase 1, Step 1) describes taking manuscript input via PDF, Word, or pasted text.
  - Boundary markers: None identified; instructions do not require the agent to wrap manuscript content in delimiters or ignore instructions within that content.
  - Capability inventory: Access to tools `Read`, `Write`, `Edit`, `Grep`, and `Glob`, along with the ability to execute shell commands for auditing scripts.
  - Sanitization: No validation or sanitization of the manuscript content is performed before processing or applying automatic fixes.
Audit Metadata