patent-pipeline
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from external web searches (via
/prior-art-search) and processes user-provided invention descriptions. These inputs are interpolated into prompts for subsequent drafting and review phases without explicit sanitization or strict boundary markers. - Ingestion points:
WebSearchresults, user-providedINVENTION_BRIEF.md, and conversational inputs from$ARGUMENTS. - Capability inventory: The skill has access to file-writing tools, shell execution, and the ability to trigger other agent skills.
- Boundary markers: None explicitly defined in the provided instruction set to isolate external content from the agent's core logic.
- [COMMAND_EXECUTION]: The skill uses the Bash tool for file operations and state management. This is a standard use case for the ARIS architecture and is used to handle large file writes via heredocs, which is a legitimate practice in this environment.
Audit Metadata