idea-generation
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The script scripts/novelty_check.py performs network requests to api.semanticscholar.org. Although this domain is not on the standard whitelist, it is a reputable academic service required for the skill's primary function. No sensitive local files or credentials are accessed or transmitted.
- [Prompt Injection] (SAFE): The skill processes untrusted research descriptions and code as part of its ideation workflow.
  - Ingestion points: Research context is interpolated into prompts in references/ideation-prompts.md and passed to scripts/novelty_check.py via command-line arguments.
  - Boundary markers: The prompts use XML-style tags (e.g., <experiment.py>) and triple-quote delimiters to isolate untrusted content.
  - Capability inventory: The skill is limited to performing academic literature searches and does not have access to sensitive system commands or broader network capabilities.
  - Sanitization: No explicit sanitization is performed on input text, but the limited capability surface makes this a low-risk configuration.
- [Command Execution] (SAFE): SKILL.md defines a command to execute an internal Python script using a static path. The script itself uses only the Python standard library and does not perform dynamic code execution (e.g., eval or exec).
Audit Metadata