scholar-evaluation
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it evaluates untrusted academic content which can influence subsequent agent actions, such as scoring and diagram generation. A malicious paper could include instructions to bias the evaluation or exploit the image generation loop.
  - Ingestion points: Research papers and proposals processed in `SKILL.md`.
  - Boundary markers: No delimiters or 'ignore' instructions are used when processing external documents.
  - Capability inventory: Execution of Python scripts via `subprocess.run` and API requests to OpenRouter for image generation.
  - Sanitization: No input filtering or validation is implemented for the analyzed content.
- [COMMAND_EXECUTION]: The skill executes local Python scripts using `subprocess.run` to automate the evaluation workflow. Although implemented safely without a shell, this provides an execution surface for data-driven arguments.
- [EXTERNAL_DOWNLOADS]: The skill communicates with `openrouter.ai` to perform AI-assisted schematic generation and review. This is documented as a well-known service and used for its primary purpose.
Audit Metadata