zhenan-bao
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Potential steganographic content hidden via Unicode characters. \n
- Evidence: Automated scanning detected non-standard or hidden Unicode characters in the source data file
_workspace/raw/src_040.json(e.g., within the segment**H-I** **NDEX**). These characters are markers for steganography used to conceal instructions or bypass safety guardrails by splitting keywords. \n- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to un-delimited data ingestion. \n - Ingestion points: Extensive research data and transcripts are loaded from
_workspace/raw/and_workspace/discovery/. \n - Boundary markers: Absent. The instructions in
SKILL.mdandAGENTS.mdlack explicit delimiters (e.g., XML tags or clear 'END OF DATA' markers) to prevent the agent from following instructions potentially embedded in the source texts. \n - Capability inventory: The skill is primarily informational and persona-driven; it does not request high-privilege tool usage or execute arbitrary code. \n
- Sanitization: There is no visible evidence of content filtering or sanitization performed on the ingested source data. \n- [EXTERNAL_DOWNLOADS]: The skill references numerous external resources from reputable academic and scientific domains. \n
- Evidence: Source metadata and reference files link to trusted domains such as
stanford.edu,ncbi.nlm.nih.gov,acs.org, andnature.com. These references are integral to the skill's stated purpose of modeling professional research reasoning and are considered safe.
Audit Metadata