skills/brycewang-stanford/awesome-agent-skills-for-empirical-research/referee-response/Gen Agent Trust Hub
referee-response
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from referee comments.
- Ingestion points: Reads referee comments from a file path provided via
$ARGUMENTSor from text pasted by the user in SKILL.md (Step 1). - Boundary markers: Absent; there are no specific delimiters or instructions to the model to ignore embedded commands within the referee text.
- Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit in SKILL.md, which could be exploited if malicious instructions are successfully injected.
- Sanitization: Absent; the input is parsed directly into individual points without validation or filtering.
- Mitigation: The skill correctly implements a safeguard by presenting suggested manuscript edits to the user for approval rather than applying them automatically in SKILL.md (Step 8).
Audit Metadata