scientific-revision-tracker
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow that processes untrusted external data, creating an indirect prompt injection surface (Category 8).
- Ingestion points: The skill reads manuscript content and review response mappings from external files such as
manuscript.mdandresponse_mapping.json(Phase 1, 3, 4). - Boundary markers: There are no explicit boundary markers or "ignore instructions" delimiters included in the generated tracked manuscripts or revision summaries to prevent the agent from obeying instructions embedded in the manuscript text.
- Capability inventory: The skill possesses file system write capabilities, including the ability to create directories and write new manuscript versions (
open(..., 'w'),pathlib.mkdir). - Sanitization: No sanitization, escaping, or validation of the input text content is performed before it is processed, interpolated into markup, and written back to the file system.
Audit Metadata