research-citation-check

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_ai_alignment.py uses subprocess.run to execute external Python scripts for LaTeX compilation and document conversion.
  • Evidence: The skill triggers rendering workflows by calling subprocess.run on scripts located within a required dependency skill (e.g., research-literature-review). While it uses the current Python interpreter and validated paths, it executes external logic.
  • [PROMPT_INJECTION]: The skill processes untrusted research data, creating a surface for Indirect Prompt Injection (Category 8).
  • Ingestion points: The script scripts/run_ai_alignment.py reads content from user-provided .tex and .bib files, as well as text excerpts from local .pdf files via scripts/bib_utils.py.
  • Boundary markers: Data is structured into an ai_alignment_input.json payload for the agent, but the skill lacks explicit natural language delimiters or 'ignore' instructions to safeguard against malicious content within the analyzed abstracts or PDF text.
  • Capability inventory: The skill is authorized to modify local source files (.tex) and execute shell commands for document rendering via its orchestration scripts.
  • Sanitization: While the skill truncates text to limit context window usage (controlled via config.yaml), it does not sanitize or escape extracted content to prevent instructions embedded in papers from attempting to override the agent's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 06:41 AM
Security Audit — agent-trust-hub — research-citation-check