literature-review
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary purpose is to process data from external sources such as PubMed, bioRxiv, and Semantic Scholar. This creates a surface for indirect prompt injection if an attacker-controlled paper abstract contains malicious instructions.
- Ingestion points: External academic databases via agent search capabilities.
- Boundary markers: Absent. The templates provided do not include explicit delimiters or 'ignore embedded instructions' warnings for the processed text.
- Capability inventory: The skill is restricted to reasoning and writing Markdown/BibTeX files to the `.research/literature/` directory. No subprocess execution or arbitrary network operations are defined.
- Sanitization: Absent. While the skill emphasizes 'Citation Verification' for accuracy, it does not include instructions to sanitize or escape input text to prevent instruction override.
Audit Metadata