process-reviews
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from referee review PDFs to generate analysis and tracking files. Malicious instructions within these documents could attempt to manipulate the agent's behavior during analysis and file generation.
  - Ingestion points: External PDF files identified in Phase 2 are read using the `Read` tool.
  - Boundary markers: No explicit delimiters or instructions are used to separate untrusted PDF content from agent instructions.
  - Capability inventory: The agent possesses `Write`, `Edit`, `Bash`, and `Task` capabilities.
  - Sanitization: Verbatim reviewer text is not sanitized before being placed into prompts or files.
- [COMMAND_EXECUTION]: The skill executes `latexmk` via the `Bash` tool to compile a LaTeX document containing verbatim text from the untrusted reviews. If the LaTeX environment is configured with shell-escape enabled, malicious macros within the PDF content could lead to arbitrary command execution on the host system.
- [DATA_EXFILTRATION]: The skill performs network requests to the Elsevier Serial Title API to retrieve journal metrics. This utilizes a well-known service to provide ranking data as part of the primary publication strategy functionality.
Audit Metadata