manage-submission
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using
make paper P=<slug>andmake checkto verify artifacts and build the manuscript. These are standard development operations for the intended use case. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted external data.
- Ingestion points: Processes 'decision letters' and 'reviews' verbatim from external venues in
SKILL.md. - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the reviews are defined.
- Capability inventory: The agent has file-write access to the repository and the ability to execute
makecommands. - Sanitization: No sanitization or filtering of the review content is specified before the agent summarizes it or builds a concern map.
Audit Metadata