review-response
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill attempts to access a file path located outside of its own package environment.
- Evidence: In
SKILL.md, the instructions mandate reading~/.claude/skills/ml-paper-writing/references/knowledge/paper-miner-writing-memory.mdbefore drafting responses. - Impact: This represents a cross-skill data exposure risk, as it targets files within the user's local application configuration directory that may contain sensitive writing history or private data from other tasks.
- [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection.
- Ingestion points:
SKILL.mdexplicitly instructs the agent to ingest 'reviewer comments text or file' provided by the user. - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat the external comments as data or to ignore any embedded instructions.
- Capability inventory: The agent has read access to multiple local reference files (templates, strategies, tone guidelines) and the capability to generate and export complex rebuttal documents.
- Sanitization: Absent. No validation or filtering is performed on the input text.
- Impact: An attacker could embed malicious instructions within the reviewer comments which the agent might follow while performing the analysis.
Audit Metadata