literature-review
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves and synthesizes content from multiple external scientific databases including PubMed, arXiv, and Semantic Scholar. This data ingestion creates a surface for indirect prompt injection, where malicious instructions embedded in paper metadata could potentially influence the agent's behavior during synthesis.
- Ingestion points: The agent ingests external data from academic APIs during the multi-database search and result aggregation phases.
- Boundary markers: The skill's instructions do not include specific delimiters or 'ignore' commands for the agent when processing or summarizing external publication data.
- Capability inventory: The skill is authorized to use Bash, Write, and Edit tools, primarily to execute local processing scripts and generate markdown or PDF outputs.
- Sanitization: The documentation does not outline explicit sanitization or filtering steps for retrieved metadata before it is interpolated into the final review documents.
Audit Metadata