skills/htlin222/dotfiles/harsh/Gen Agent Trust Hub

harsh

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is susceptible to instructions embedded in the external files it is designed to process.
      * Ingestion points: Reads data from README.md, CLAUDE.md, and the ./result and ./manuscripts directories.
      * Boundary markers: None identified; the skill does not use delimiters to isolate untrusted content from its instructions.
      * Capability inventory: The skill has the capability to write output files to the ./docs/ directory.
      * Sanitization: No input validation or sanitization is performed on the data ingested from the manuscripts or documentation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 05:21 AM