patent-review

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads the full contents of files in the patent/ directory (including claims, specifications, and invention disclosures) and transmits them to an external service via the mcp__codex__codex tool. This exposes intellectual property to a third-party AI provider.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, where malicious instructions inside patent files could influence the agent's behavior.
  • Ingestion points: Reads content from patent/CLAIMS.md, patent/specification/, and patent/PRIOR_ART_REPORT.md (SKILL.md).
  • Boundary markers: The prompt templates in Step 2 and Step 4 do not use delimiters or specific instructions to isolate the patent data from the agent's command context.
  • Capability inventory: The skill possesses the Bash(*), Write, and Edit tools, allowing it to execute shell commands and modify the local filesystem based on the output of the external AI.
  • Sanitization: No input validation or filtering is performed on the content of the patent files before they are processed.
  • [EXTERNAL_DOWNLOADS]: The skill's prerequisites section instructs users to install an external MCP server (codex mcp-server) from an unverified source.
  • [COMMAND_EXECUTION]: The skill requests broad access to the Bash tool, creating a significant attack surface. In the event of a prompt injection via a malicious patent file, the agent could be manipulated into executing harmful shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 03:14 AM