paper-code-audit

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface. The skill is designed to audit external content such as academic papers and codebases. If an attacker embeds malicious instructions within the paper text or code comments, the agent might inadvertently execute them while performing the audit.
  • Ingestion points: External papers and public codebases provided for auditing.
  • Boundary markers: The provided SKILL.md does not specify delimiters or warnings to ignore embedded instructions in the ingested data.
  • Capability inventory: The skill utilizes 'researcher' and 'verifier' agents and has the capability to write audit reports to the 'outputs/' directory.
  • Sanitization: No evidence of input sanitization or validation for the analyzed documents is present in this file.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 3, 2026, 09:06 AM