whitepaper-audit

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled Python script (scripts/check_doc.py) for deterministic analysis and runs a pytest suite (scripts/tests/test_check_doc.py) to verify tool integrity.
  • [EXTERNAL_DOWNLOADS]: The link-checking functionality performs outbound HTTP(S) HEAD and GET requests to validate external URLs found within the audited documents, using a defined 5-second timeout.
  • [PROMPT_INJECTION]: The skill processes untrusted user-supplied markdown files. Evidence chain: (1) Ingestion point: document path; (2) Boundary markers: absent in main judge prompt; (3) Capability inventory: local script execution, file read/write; (4) Sanitization: markdown stripping performed in the script lane.
  • [REMOTE_CODE_EXECUTION]: The fix mode enables the agent to apply corrections using a test-driven development workflow, which involves generating and executing local tests to verify changes to technical content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 01:17 AM
Security Audit — agent-trust-hub — whitepaper-audit