literature-review
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The scripts `scripts/generate_pdf.py` and `scripts/generate_schematic.py` utilize `subprocess.run` to execute system binaries like `pandoc` and `xelatex`, as well as internal Python scripts. These operations are necessary for document formatting and image generation. Commands are executed using argument lists (`shell=False`), which follows security best practices to prevent argument injection.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to well-known and reputable services for its core functionality. `scripts/generate_schematic_ai.py` communicates with the OpenRouter API for image generation, while `scripts/verify_citations.py` interacts with `doi.org` and `api.crossref.org` to retrieve citation metadata. These operations are consistent with the skill's purpose of academic research and synthesis.
- [PROMPT_INJECTION]: The skill is designed to process external research data, creating a surface for indirect prompt injection.
  - Ingestion points: Untrusted content from academic databases (e.g., titles and abstracts) is ingested via `scripts/search_databases.py` and `scripts/verify_citations.py`.
  - Boundary markers: Absent. External data is not wrapped in specific delimiters within the `assets/review_template.md` to distinguish it from system instructions.
  - Capability inventory: The skill can execute shell commands for PDF generation (`scripts/generate_pdf.py`) and coordinate sub-processes for image generation (`scripts/generate_schematic.py`).
  - Sanitization: Absent. The skill aggregates data into markdown format without explicit sanitization or escaping of potential injection patterns found in external records.
Audit Metadata