paper-to-intuition
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): Potential attack surface where instructions hidden in research papers could influence the agent's behavior during the paper transformation process.
  - Ingestion points: Processes untrusted external data from academic papers, arXiv links, and PDF files (SKILL.md).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish external paper content from its core operational logic.
  - Capability inventory: The skill generates interactive HTML and JavaScript code based on the ingested content, which could be exploited to deliver malicious payloads (SKILL.md).
  - Sanitization: No evidence of input validation or sanitization of the research paper content before it is interpolated into the generated code templates.
- Dynamic Execution (LOW): The skill generates executable JavaScript code for visualizations. While this is essential for the primary purpose of the skill, it introduces a dynamic execution surface that is inherently linked to untrusted input sources.
Audit Metadata