academic-pipeline

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection attack surface by ingesting and processing untrusted data from user manuscripts, external reviewer feedback, and literature corpora.
  • Ingestion points: The skill processes user-supplied paper drafts in Stage 2, external reviewer feedback (text/PDF/DOCX) in Stage 4, and user-provided literature corpora (JSON/YAML) in Stage 1.
  • Capability inventory: The agent has the capability to execute local Python scripts, perform web searches, and call external academic APIs.
  • Boundary markers: It employs specific HTML comment markers like <!--ref:slug--> and <!--anchor:kind:value--> to delimit and track citations within the generated text.
  • Sanitization: The workflow includes a mandatory integrity_verification_agent that cross-references all citations and quantitative data claims against ground-truth sources via WebSearch and the Semantic Scholar API to mitigate hallucination and injection risks.
  • [COMMAND_EXECUTION]: The orchestrator and its associated agents invoke several local Python scripts (e.g., scripts/claim_audit_pipeline.py, scripts/slr_lineage.py, scripts/check_pipeline_integrity.py) to manage state, track lineage, and perform consistency checks. It also utilizes standard system tools such as pandoc and tectonic for document conversion and PDF compilation.
  • [EXTERNAL_DOWNLOADS]: The skill performs legitimate network operations to fetch metadata and verification data from the Semantic Scholar API and general web searches. It also uses the tectonic engine, which may download LaTeX packages from official TeX repositories as needed during the finalization stage.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 22, 2026, 02:49 AM