scientific-critical-thinking
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script (scripts/generate_schematic.py) to generate diagrams based on natural language descriptions provided by the user. Since this script is not included in the skill package, its handling of shell-based arguments cannot be verified, creating a potential command injection surface.
- [COMMAND_EXECUTION]: The skill recommends using the grep command to search through reference materials, which encourages the execution of arbitrary shell commands within the workspace.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to ingest and critically analyze untrusted external data, such as scientific research papers and media reports.
  - Ingestion points: Evaluates external scientific claims, research papers, and media articles.
  - Boundary markers: No specific delimiters or instructions are provided to ensure the agent ignores instructional content that may be embedded within the documents being analyzed.
  - Capability inventory: The agent has access to file system tools (Read, Write, Edit) and the Bash shell, which could be exploited if malicious instructions in an ingested paper are followed.
  - Sanitization: There is no evidence of validation or sanitization protocols for the content of processed documents.
Audit Metadata