paper-review

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill consists entirely of markdown-based instructions and checklists. No executable code, binary files, or external scripts are included.
  • [PROMPT_INJECTION]: The skill's primary function is to process user-provided academic paper drafts, which establishes a surface for indirect prompt injection. No malicious patterns were identified within the skill's logic.
    • Ingestion points: Document content is ingested from the user's filesystem via the read_file tool mentioned in SKILL.md.
    • Boundary markers: The instructions do not define delimiters (e.g., XML tags or triple quotes) to isolate user content from the agent's instructions.
    • Capability inventory: The agent is authorized to use read_file, edit_file, and write_file tools.
    • Sanitization: There is no logic for sanitizing or validating the contents of the files being read.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 10:52 AM