skills/brycewang-stanford/awesome-agent-skills-for-empirical-research/submission-prep/Gen Agent Trust Hub
submission-prep
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script (scripts/render.sh) to render the manuscript as part of its automated workflow.
- [PROMPT_INJECTION]: The skill processes untrusted content from external manuscript files (index.qmd, references.bib) and notebook files, which constitutes an indirect prompt injection attack surface.
  - Ingestion points: Data is read from index.qmd, references.bib, and various Jupyter notebook files referenced in the manuscript.
  - Boundary markers: The instructions do not specify any delimiters or ignore-instructions to isolate the manuscript text from the agent's logic.
  - Capability inventory: The agent has access to shell execution (Bash), file manipulation (Write, Edit), and file system traversal (Glob).
  - Sanitization: There is no evidence of sanitization or escaping of the content read from the manuscript files before it is processed by the agent.
Audit Metadata