oma-academic-writer

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of user-provided drafts, rubrics, and source material (existing_draft, rubric_or_constraint, source_data). This creates a surface for indirect prompt injection, where malicious instructions hidden within the processed documents could attempt to override the agent's behavior.
  • Ingestion points: External data enters the agent context via the mode inputs, specifically when reading the rubric_or_constraint, existing_draft, and source_data files as specified in the Entry flow.
  • Boundary markers: The skill implements a 'rubric-quote gate', which explicitly refuses to apply a rule until the literal text of the constraint is quoted from the source, providing a verification checkpoint.
  • Capability inventory: The skill is limited to READ, WRITE, and EDIT operations on local files and NOTIFY primitives for inter-skill communication. It lacks high-risk capabilities such as arbitrary shell command execution, network access to unknown domains, or dynamic code evaluation.
  • Sanitization: No automated sanitization of input text is documented; however, the skill follows a strict canonical workflow and iterative audit process that enforces specific stylistic protocols.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:18 PM
Security Audit — agent-trust-hub — oma-academic-writer