hypothesis-generation
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted external literature through WebFetch and WebSearch tools, creating an attack surface for indirect prompt injection.
- Ingestion points: Step 2 in SKILL.md (Conduct Comprehensive Literature Search) utilizes external web and PubMed data.
- Boundary markers: No specific boundary markers or delimiters are used to isolate external content from instructions.
- Capability inventory: The skill is limited to reasoning and generating text based on templates; it does not have the capability to execute commands, write to the filesystem, or perform network requests beyond the initial search.
- Sanitization: No sanitization or filtering of external content is specified.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file access, hardcoded credentials, or unauthorized network activity detected. Tool use is limited to literature search capabilities.
- [Remote Code Execution] (SAFE): No dynamic code execution, library injection, or remote script downloads identified.
Audit Metadata