ai-scientist-evaluator
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script, scripts/aggregate_reviews.py, to aggregate and rank evaluation results. The command execution is localized to the skill's own environment and is used to process structured JSON data produced during the evaluation workflow.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to ingest and evaluate untrusted data (AI scientist outputs such as notebooks, manuscripts, and reports), which presents an inherent surface for indirect prompt injection where the processed data might attempt to influence the evaluation verdict.
  - Ingestion points: Artifacts including notebooks, code, figures, and manuscripts are processed by the agent as described in SKILL.md.
  - Boundary markers: The skill instructs the agent to act as a 'skeptical reviewer panel' and apply 'hard gates' in SKILL.md, providing a cognitive boundary, though no explicit technical delimiters are defined for the input data.
  - Capability inventory: The agent can read local files and execute the internal scripts/aggregate_reviews.py script for data processing.
  - Sanitization: No explicit sanitization or escaping of the external scientific artifacts is mentioned before the agent processes them.