Subagent-Driven Literature Review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection.
  - Ingestion points: The workflow relies on subagents fetching abstracts and full-text documents from external academic databases such as PubMed and PMC.
  - Boundary markers: The provided prompt templates for subagents do not implement robust delimiters or explicit instructions to ignore embedded commands within the external content being analyzed.
  - Capability inventory: The agent possesses the capability to dispatch tasks (Task tool) and maintain persistent local state by writing to papers-reviewed.json and SUMMARY.md.
  - Sanitization: No sanitization, filtering, or validation steps are defined to neutralize potential instructions hidden within the metadata or text of the ingested papers.
Audit Metadata