pipeline-manifest
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill. Its functionality is limited to local file system analysis and documentation.- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill reads and summarizes local research scripts and documentation.
- Ingestion points: It reads content from multiple script types (.py, .R, .do, .jl, .m) and .tex files within the local project directory.
- Boundary markers: The skill lacks explicit markers or delimiters to separate the ingested data from the agent's instructions.
- Capability inventory: The skill uses Write and Edit tools to modify local files based on inferred data.
- Sanitization: File content is processed and summarized without explicit validation or escaping of the ingested text.
- [COMMAND_EXECUTION]: The ability to modify source code is mitigated by a mandatory user confirmation step before any edits are applied.
Audit Metadata