nature-reviewer
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: All nine files in the skill consist solely of markdown instructions and static reference data. There is no evidence of executable scripts, binaries, network exfiltration, or unauthorized file access.
- [PROMPT_INJECTION]: The skill processes untrusted user-supplied manuscript data, which creates a surface for indirect prompt injection. However, this risk is mitigated as the skill lacks any tools (such as network access or shell execution) that could be exploited.
- Ingestion points: User-provided manuscripts, abstracts, and author notes enter the agent context through
SKILL.mdandreferences/reviewer-workflow.md. - Boundary markers: The agent is instructed to use explicit markers like
AUTHOR_INPUT_NEEDEDandAssessment boundaryto delimit analyzed content. - Capability inventory: A manual audit confirms zero capabilities beyond text generation; no subprocesses, environment variables, or network protocols are utilized.
- Sanitization: While no explicit input sanitization is performed, the lack of dangerous capabilities prevents any significant impact from malicious input.
Audit Metadata