research-to-practice
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by requiring the agent to ingest and act upon data from untrusted external sources (research papers). This content can influence subsequent steps where the agent proposes changes to the local workspace.
  - Ingestion points: Step 1 directs the agent to fetch content from user-provided URLs or search results.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' markers for the fetched content.
  - Capability inventory: The workflow involves identifying and planning modifications for specific repository files (e.g., 'repository/core/working_memory.py' mentioned in the example) in Step 5.
  - Sanitization: There is no requirement or mechanism mentioned for sanitizing or validating the content of the research papers before analysis.
- [EXTERNAL_DOWNLOADS]: The workflow requires the agent to fetch data from arbitrary external URLs or search engines. While this is the core functionality, it involves interaction with non-whitelisted domains.
- [NO_CODE]: The skill consists exclusively of markdown documentation and metadata, containing no executable scripts, binaries, or automated code triggers.
Audit Metadata