research-to-article
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Python script (voice_validator.py) via the Bash tool in Phase 5. The command is constructed dynamically from variables such as [name] and file paths. If those variables derive from untrusted input or malicious research data and are not sanitized, the result is command injection in the shell environment.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) by processing research data from external sources.
  - Ingestion points: Research findings gathered by parallel agents (research-subagent-executor) from web sources in Phase 1 are used as context for article generation.
  - Boundary markers: Although the skill uses a structured research document template (headers such as "KEY FACTS" and "QUOTES"), it has no explicit instructions or delimiters telling the model to ignore instructions embedded in the gathered research content.
  - Capability inventory: The skill has significant capabilities, including file writing (Write), shell command execution (Bash), and launching background tasks (Task) or other skills (Skill).
  - Sanitization: There is no evidence that the research data is sanitized, filtered, or validated to remove potentially malicious instructions before it is interpolated into the generation prompt in Phase 4.
Audit Metadata