NYC

literature-research

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface for indirect prompt injection due to its core workflow of processing external, untrusted content.
  • Ingestion points: Untrusted data enters the agent's context through searches on arXiv, Google Scholar, and conference proceedings as specified in the 'Execute Academic Search' section of SKILL.md.
  • Boundary markers: Absent. There are no instructions for the agent to use delimiters (like triple backticks or XML tags) or to ignore embedded instructions within the research materials it retrieves.
  • Capability inventory: The skill has side-effect capabilities, specifically the create-article command and the generation of date-stamped markdown files as described in the 'Integration with Content Creation' section of SKILL.md.
  • Sanitization: No input validation, filtering, or safety sanitization of the retrieved academic content is performed before it is used for content generation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:41 AM