investigate
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external research papers and literature search results. Because it lacks explicit boundary markers (e.g., XML tags or delimiters) or instructions to ignore embedded commands within this untrusted data, it is vulnerable to indirect prompt injection. Malicious instructions hidden in downloaded PDFs or notes could potentially influence the subagents' behavior or the final summary in `current-understanding.md`.
  - Ingestion points: `reaper-workspace/notes/*.md`, `reaper-workspace/papers/*.pdf`, and literature search results from `arxiv.py` or `iacr.py`.
  - Boundary markers: Absent for ingested content.
  - Capability inventory: File system read/write, subagent spawning via host tools, and execution of sibling scripts.
  - Sanitization: No sanitization or validation of the content of external papers is mentioned before processing.
- [EXTERNAL_DOWNLOADS]: The skill relies on external scripts (`arxiv.py`, `iacr.py`) and prompts the user to install a package (`SebastianElvis/reaper`) via `npx`. This creates a dependency on third-party code that is necessary for the skill's literature search and methodology resolution features.
- [COMMAND_EXECUTION]: The investigation loop involves spawning subagents to perform tasks in parallel. This dynamic execution of tasks increases the complexity of the execution environment, especially when subagents are processing data retrieved from external sources.
Audit Metadata