manage-submission

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using make paper P=<slug> and make check to verify artifacts and build the manuscript. These are standard development operations for the intended use case.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted external data.
  • Ingestion points: Processes 'decision letters' and 'reviews' verbatim from external venues in SKILL.md.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands within the reviews are defined.
  • Capability inventory: The agent has file-write access to the repository and the ability to execute make commands.
  • Sanitization: No sanitization or filtering of the review content is specified before the agent summarizes it or builds a concern map.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 02:37 PM
Security Audit — agent-trust-hub — manage-submission