ta-research-AFP-auto

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed as an execution wrapper that instructs the agent to run a complex Python script (ta_agent.py). This script manages an autonomous 12-step workflow, interacting with the local file system and calling external APIs.
  • [DATA_EXFILTRATION]: The skill reads project configuration (CLAUDE.md) and potentially sensitive research data, such as interview transcripts. This information is transmitted to external services, including the Anthropic API for paper generation and DuckDuckGo for literature verification searches.
  • [PROMPT_INJECTION]: The skill contains a surface for Indirect Prompt Injection (Category 8) due to its handling of untrusted external data.
      • Ingestion points: The agent reads user-provided research questions in CLAUDE.md and interview materials from the project directory (e.g., .txt, .md, .docx files).
      • Boundary markers: The prompt construction logic in ta_checkpoints.py interpolates the ingested data into task messages without using explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: The autonomous sub-agent has significant capabilities, including write_file, read_file, list_files, and web_search (network access).
      • Sanitization: There is no evidence of input validation or escaping performed on the ingested research data before it is presented to the LLM for analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 09:56 AM