oma-academic-writer
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of user-provided drafts, rubrics, and source material (
existing_draft,rubric_or_constraint,source_data). This creates a surface for indirect prompt injection, where malicious instructions hidden within the processed documents could attempt to override the agent's behavior. - Ingestion points: External data enters the agent context via the
modeinputs, specifically when reading therubric_or_constraint,existing_draft, andsource_datafiles as specified in the Entry flow. - Boundary markers: The skill implements a 'rubric-quote gate', which explicitly refuses to apply a rule until the literal text of the constraint is quoted from the source, providing a verification checkpoint.
- Capability inventory: The skill is limited to
READ,WRITE, andEDIToperations on local files andNOTIFYprimitives for inter-skill communication. It lacks high-risk capabilities such as arbitrary shell command execution, network access to unknown domains, or dynamic code evaluation. - Sanitization: No automated sanitization of input text is documented; however, the skill follows a strict canonical workflow and iterative audit process that enforces specific stylistic protocols.
Audit Metadata