writing
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains 'CRITICAL COMPLETION POLICY' and 'CONTEXT WINDOW' instructions that explicitly direct the agent to 'NEVER ask "Would you like me to continue?"' and to 'continue working indefinitely.' These directives are designed to override standard agent behavior constraints and interaction thresholds to ensure the completion of long documents.
- [COMMAND_EXECUTION]: The workflow requires the agent to execute shell commands for document processing and verification. Specifically, it uses `wc -w` for word count verification and `convert` (ImageMagick) or `pdftoppm` (poppler-utils) for PDF-to-image conversion. It also includes an inline Python script executed via `python -c` to facilitate visual review of generated files.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to dynamically install external software dependencies at runtime, specifically requesting the installation of the `pdf2image` library using the `uv add` command.
- [INDIRECT_PROMPT_INJECTION]: The agent is directed to ingest untrusted data from the web and academic sources via the `parallel-web` and `research-lookup` skills. The skill lacks instructions for sanitizing this data before it is written into project files or processed, creating a surface for potential indirect prompt injection.
  - Ingestion points: External data retrieved through `parallel-web` and `research-lookup` skills (referenced in SKILL.md).
  - Boundary markers: None identified in the instruction set.
  - Capability inventory: File system access (write/edit), subprocess execution (shell commands), and tool invocation for external research.
  - Sanitization: No sanitization or validation logic is specified for the external content before interpolation into documents.