lead-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions define a legitimate research orchestration workflow without evidence of hidden code, obfuscated commands, or hardcoded secrets.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of well-known LLM models (e.g., DeepSeek-R1, Phi-4) via the Ollama platform for local writing tasks. These are trusted resources from a recognized technology provider.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface as it integrates untrusted external content into its pipeline logic. Ingestion points: External research papers enter the context in Stage 3 (Literature Synthesis) and Stage 4 (Paper Review), and user results are processed in Stage 7 (Writing). Boundary markers: The orchestrator does not specify delimiters or security instructions to isolate or ignore potentially malicious commands embedded in external papers. Capability inventory: The pipeline coordinates code replication tasks (Stage 6) and file system writes for generating manuscripts (Stage 7). Sanitization: There are no documented procedures for validating or filtering the content of ingested research documents or experimental data.
Audit Metadata