check-review-alignment
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts for document compilation using subprocess.run. These scripts are part of the systematic-literature-review dependency. The execution is performed without a shell and uses sanitized paths, minimizing command injection risks.
- [DATA_EXPOSURE]: The script reads and processes content from user-provided LaTeX, BibTeX, and PDF files within the designated work directory. Extracted data is stored in a structured JSON file in a hidden subdirectory for processing. There is no evidence of unauthorized file access outside the provided directory or data exfiltration.
- [PROMPT_INJECTION]: The skill processes external, untrusted document content which creates a surface for indirect prompt injection. However, the skill's narrow operational boundaries—specifically the instructions to only modify citation-bearing sentences and follow a strict error-priority hierarchy—serve as effective mitigations against malicious instructions embedded in paper abstracts or PDFs.
Audit Metadata