hypogenic-hypothesis-generation
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (tabular JSON and research PDFs) by interpolating it into LLM prompts (e.g., in the observations and inference templates). This creates a surface for indirect prompt injection, where malicious instructions embedded in the data could influence agent behavior.
  - Ingestion points: JSON datasets (train/val/test) and literature PDFs (via GROBID).
  - Boundary markers: Absent in prompt templates; data is directly interpolated into system and user prompts.
  - Capability inventory: Calls to task.generate_hypotheses, task.inference, and shell script execution for tool setup (setup_grobid.sh).
  - Sanitization: No explicit sanitization or validation of the content within the ingested data is documented.
- [EXTERNAL_DOWNLOADS]: Fetches example datasets and literature resources from the Chicago Human+AI Lab's (ChicagoHAI) public GitHub repositories.
- [COMMAND_EXECUTION]: Provides instructions for setting up and running the GROBID service and dataset preprocessing scripts to facilitate literature-integrated hypothesis generation.
Audit Metadata