hypogenic
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches example datasets and research repositories from the ChicagoHAI GitHub organization, which is an academic research group.
- [COMMAND_EXECUTION]: Executes local shell scripts (setup_grobid.sh, run_grobid.sh) to install and run the GROBID service, which is required for PDF literature processing.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data (JSON datasets and PDF research papers) that are interpolated into LLM prompts.
  - Ingestion points: Loads training/test data from JSON files and research papers from PDF files as described in SKILL.md.
  - Boundary markers: Analysis of the config_template.yaml indicates that data is interpolated using placeholders like {data_samples} and {sample_text} without specific delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill performs network operations via LLM API calls and writes output files to the local system.
  - Sanitization: There is no evidence of sanitization or content validation for the input data before it is sent to the LLM.
Audit Metadata