atomic-decomposition
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection because it processes untrusted research ideas and paper descriptions provided by users or external sources.
- Ingestion points: The
$0argument inSKILL.mdand placeholders like{idea_description}and{atom_name}inreferences/decomposition-prompts.mdallow arbitrary text input. - Boundary markers: Absent. The prompts do not use specific delimiters or instructions to ignore embedded commands within the research material.
- Capability inventory: The skill is limited to information extraction, search (implied), and formatting. It does not contain capabilities for file writing, network exfiltration, or code execution.
- Sanitization: Absent. There is no evidence of input validation or escaping for the research content.
- Risk Assessment: Since the skill only generates a JSON knowledge base and does not execute the code it finds, the risk is minimal and inherent to the nature of LLM processing of external data.
Audit Metadata