idea-tournament
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion surface.
  - Ingestion points: The skill reads untrusted data from user goals and external research literature in SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the literature data.
  - Capability inventory: The skill relies on write_file and edit_file to store its findings and generate research proposals.
  - Sanitization: No sanitization or validation of the retrieved literature is mentioned before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill makes extensive use of file system tools (write_file, edit_file) to persist state across its generation and ranking phases. While these operations are necessary for the skill's functionality and are restricted to the local workspace, they represent the primary capability surface of the agent.