research-guide-updater
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/validate_guide.pyto verify the structure of Markdown files. It also instructs the agent to use thegh(GitHub CLI) for reporting technical issues. - [DATA_EXFILTRATION]: The skill includes instructions to report bugs by uploading them to a specific GitHub repository (
huangwb8/bensz-bugs). This involves sending system or skill-related error data to an external service as part of the vendor's maintenance workflow. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to read external literature review files (in
.texformat) and process user dialogue to update local documentation. - Ingestion points: External
.texfiles (literature reviews) and conversation history are read to extract insights. - Boundary markers: None explicitly defined for isolating external file content from instructions.
- Capability inventory: The skill can modify local markdown files and execute the
ghCLI tool. - Sanitization: No explicit validation or filtering of the content extracted from external files is described.
Audit Metadata