research-guide-updater

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/validate_guide.py to verify the structure of Markdown files. It also instructs the agent to use the gh (GitHub CLI) for reporting technical issues.
  • [DATA_EXFILTRATION]: The skill includes instructions to report bugs by uploading them to a specific GitHub repository (huangwb8/bensz-bugs). This involves sending system or skill-related error data to an external service as part of the vendor's maintenance workflow.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to read external literature review files (in .tex format) and process user dialogue to update local documentation.
  • Ingestion points: External .tex files (literature reviews) and conversation history are read to extract insights.
  • Boundary markers: None explicitly defined for isolating external file content from instructions.
  • Capability inventory: The skill can modify local markdown files and execute the gh CLI tool.
  • Sanitization: No explicit validation or filtering of the content extracted from external files is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 01:06 PM
Security Audit — agent-trust-hub — research-guide-updater