Skills
skills/wanshuiyin/auto-claude-code-research-in-sleep/patent-pipeline/Gen Agent Trust Hub

patent-pipeline

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from various source files to draft legal documents.
  • Ingestion points: Reads from INVENTION_BRIEF.md, IDEA_REPORT.md, FINAL_PROPOSAL.md, and NARRATIVE_REPORT.md to gather invention details.
  • Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are defined when interpolating user-provided content into the drafting prompts.
  • Capability inventory: The skill possesses broad capabilities including file system access (Write, Edit, Bash), network operations (WebSearch, WebFetch), and the ability to invoke other agents and skills.
  • Sanitization: There is no evidence of content validation or sanitization before processing the untrusted text from project files.
  • [COMMAND_EXECUTION]: The skill requires Bash(*) permissions for project management and file operations. It specifically utilizes shell heredocs (cat <<'EOF') for reliable file generation across different pipeline phases.
  • [EXTERNAL_DOWNLOADS]: The workflow incorporates external network operations via WebSearch and WebFetch to query patent databases (such as Google Patents and Espacenet) and academic literature during the mandatory prior art search phase.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 10:11 AM