ljg-paper-flow
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative language (强制 NATIVE 模式, "force NATIVE mode") to instruct the agent to bypass its standard deliberation and planning loop (OBSERVE/THINK/PLAN/BUILD/EXECUTE/VERIFY/LEARN). This is a technique used to avoid standard framework oversight.
- [PROMPT_INJECTION]: The skill processes untrusted external data (paper titles, URLs, PDFs), which creates a surface for indirect prompt injection. Malicious instructions embedded in the papers could potentially influence the behavior of the sub-agents or the execution of the sub-tools.
  - Ingestion points: User messages containing paper sources (URLs, titles, file paths) in SKILL.md.
  - Boundary markers: Absent; there are no instructions to the agent to treat external content as data only or to disregard embedded instructions.
  - Capability inventory: The skill invokes sub-agents and external tool execution (ljg-paper, ljg-card).
  - Sanitization: Absent; the skill does not specify any validation or sanitization for the inputs before passing them to the sub-tools.