scientific-revision-tracker

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow that processes untrusted external data, creating an indirect prompt injection surface (Category 8).
  • Ingestion points: The skill reads manuscript content and review response mappings from external files such as manuscript.md and response_mapping.json (Phase 1, 3, 4).
  • Boundary markers: There are no explicit boundary markers or "ignore instructions" delimiters included in the generated tracked manuscripts or revision summaries to prevent the agent from obeying instructions embedded in the manuscript text.
  • Capability inventory: The skill possesses file system write capabilities, including the ability to create directories and write new manuscript versions (open(..., 'w'), pathlib.mkdir).
  • Sanitization: No sanitization, escaping, or validation of the input text content is performed before it is processed, interpolated into markup, and written back to the file system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 04:43 AM
Security Audit — agent-trust-hub — scientific-revision-tracker