peer-review
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to run Python scripts locally through the Bash tool. Evidence includes the calls 'python scripts/generate_schematic.py' and 'python skills/scientific-slides/scripts/pdf_to_images.py' found in SKILL.md. These commands pass user-provided descriptions or files to external scripts.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it is designed to analyze external data provided by users or read from files.
  1. Ingestion points: Scientific manuscripts and presentation decks are the primary inputs (SKILL.md).
  2. Boundary markers: The instructions define no delimiters around the analyzed data and give no 'ignore embedded instructions' warning.
  3. Capability inventory: The skill has access to the Bash, Read, Write, and Edit tools, and specifically uses the Bash tool for script execution.
  4. Sanitization: No mechanism for sanitizing or validating input taken from the analyzed manuscripts is mentioned.