research-review

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill gathers 'comprehensive context' from project documents such as paper drafts, notes, and narratives, and transmits them to an external model via the mcp__codex__codex tool. This involves sending potentially sensitive or proprietary research data to external infrastructure.
  • [EXTERNAL_DOWNLOADS]: The skill instructions require the manual installation of an external MCP server (codex mcp-server) that is not sourced from a well-known or verified registry, introducing a supply chain dependency on unvetted software.
  • [COMMAND_EXECUTION]: The workflow references and executes a local shell script tools/save_trace.sh for logging traces. Because this script is not provided within the skill package, its behavior cannot be inspected or verified, posing a risk of executing malicious local code.
  • [PROMPT_INJECTION]: The skill ingests data from untrusted local files (e.g., STORY.md, drafts) and interpolates them directly into prompts for an external LLM without boundary markers or sanitization. This provides an attack surface for indirect prompt injection where instructions hidden in the files could influence the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 17, 2026, 01:26 AM
Security Audit — agent-trust-hub — research-review