source-verify

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several command-line utilities to perform its verification logic. It uses rg and rga for searching local files and PDF contents, gws to interact with Google Drive, and pixi to dynamically run a Python script for extracting footnotes from DOCX documents.
  • [EXTERNAL_DOWNLOADS]: Retrieves a BibTeX reference file (paperpile.bib) and source PDF documents from Google Drive using the gws tool.
  • [REMOTE_CODE_EXECUTION]: Executes SQL queries on a remote database server via an SSH tunnel (ssh wrds) to the Wharton Research Data Services (WRDS) platform at wharton.upenn.edu. This is a legitimate research database connection.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it extracts text from user-provided manuscripts and uses it in RAG queries and search parameters. Ingestion points: Text content from manuscript.docx or markdown files. Boundary markers: No delimiters or warnings are used in the prompt templates sent to RAG systems like NLM or Readwise. Capability inventory: Subprocess execution for tools like ssh and gws, local file read/write, and network access. Sanitization: There is no evidence of sanitization or escaping of the extracted footnote text before it is used in CLI commands or LLM prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 02:36 AM
Security Audit — agent-trust-hub — source-verify