baseline-selection-audit

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is designed to ingest and act on untrusted external data using tools with high system capabilities.
  • Ingestion points: Step 2 in SKILL.md directs the agent to retrieve external data using WebSearch and WebFetch from sources like arXiv and OpenReview.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing fetched content, which may allow malicious instructions in external papers to influence agent behavior.
  • Capability inventory: The skill is granted Bash, Write, and Edit permissions, allowing it to modify the local file system and execute shell commands (SKILL.md Steps 7 and 8).
  • Sanitization: There are no requirements for sanitizing or validating the integrity of external content before it is parsed and used to update project memory or generate reports.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 12:40 PM