NYC

medical-newsletter-writer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill identifies user-uploaded PDFs as a primary data ingestion point (Phase 1). While this represents a potential surface for indirect prompt injection, the risk is mitigated by the 'Topic Selection' phase (Phase 3), which acts as a human-in-the-loop verification step before the agent proceeds to automated research and writing.
      • Ingestion points: PDF upload in Phase 1 of SKILL.md.
      • Boundary markers: None explicitly defined for PDF content, though results are presented in a structured table for user review.
      • Capability inventory: Web search, PubMed literature search, and text generation; no file-system write or code execution capabilities detected.
      • Sanitization: No explicit sanitization mentioned, but user approval of extracted topics serves as a functional gate.
  • Data Exposure & Exfiltration (SAFE): The skill utilizes network-enabled tools (web_search, PubMed) to gather research data. These activities are consistent with the skill's stated purpose and do not involve access to sensitive local files, environment variables, or hardcoded credentials.
  • External Downloads & References (SAFE): All external references are directed toward reputable academic and news sources (PubMed, Google News). The skill does not attempt to download or execute external scripts, packages, or binary files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:12 PM