research-citation-check
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/run_ai_alignment.pyusessubprocess.runto execute external Python scripts for LaTeX compilation and document conversion. - Evidence: The skill triggers rendering workflows by calling
subprocess.runon scripts located within a required dependency skill (e.g.,research-literature-review). While it uses the current Python interpreter and validated paths, it executes external logic. - [PROMPT_INJECTION]: The skill processes untrusted research data, creating a surface for Indirect Prompt Injection (Category 8).
- Ingestion points: The script
scripts/run_ai_alignment.pyreads content from user-provided.texand.bibfiles, as well as text excerpts from local.pdffiles viascripts/bib_utils.py. - Boundary markers: Data is structured into an
ai_alignment_input.jsonpayload for the agent, but the skill lacks explicit natural language delimiters or 'ignore' instructions to safeguard against malicious content within the analyzed abstracts or PDF text. - Capability inventory: The skill is authorized to modify local source files (
.tex) and execute shell commands for document rendering via its orchestration scripts. - Sanitization: While the skill truncates text to limit context window usage (controlled via
config.yaml), it does not sanitize or escape extracted content to prevent instructions embedded in papers from attempting to override the agent's behavior.
Audit Metadata