whitepaper-audit
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script (
scripts/check_doc.py) for deterministic analysis and runs a pytest suite (scripts/tests/test_check_doc.py) to verify tool integrity. - [EXTERNAL_DOWNLOADS]: The link-checking functionality performs outbound HTTP(S) HEAD and GET requests to validate external URLs found within the audited documents, using a defined 5-second timeout.
- [PROMPT_INJECTION]: The skill processes untrusted user-supplied markdown files. Evidence chain: (1) Ingestion point: document path; (2) Boundary markers: absent in main judge prompt; (3) Capability inventory: local script execution, file read/write; (4) Sanitization: markdown stripping performed in the script lane.
- [REMOTE_CODE_EXECUTION]: The
fixmode enables the agent to apply corrections using a test-driven development workflow, which involves generating and executing local tests to verify changes to technical content.
Audit Metadata