cardiology-trial-editorial
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill demonstrates a vulnerability surface for indirect prompt injection (Category 8) because it is designed to ingest and process untrusted external data (clinical trial abstracts).
- Ingestion points: External article abstracts are ingested by the LLM as described in
references/trial-scoring.md. - Boundary markers: The prompt templates in
references/trial-scoring.mdlack explicit delimiters (e.g., XML tags or triple quotes) or specific instructions to ignore embedded commands within the abstract text. - Capability inventory: The associated script
scripts/score_trial.pyis restricted to basic arithmetic and dictionary lookups; it does not have network access, file-write capabilities, or shell execution functions. - Sanitization: There is no evidence of input sanitization or output validation to prevent the LLM from being influenced by adversarial content within a trial abstract.
Audit Metadata