survey-generation
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes a local Python script located at
~/.claude/skills/deep-research/scripts/search_semantic_scholar.pyfor retrieving academic papers. This action is restricted to the local environment and aligns with the primary functionality. - PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its processing of untrusted data. • Ingestion points: Research paper titles and abstracts fetched from external sources like Semantic Scholar and arXiv. • Boundary markers: Absent; there are no instructions to the agent to treat external paper content as untrusted or to use delimiters. • Capability inventory: The agent has the ability to execute local scripts and write multiple files (LaTeX, BibTeX, JSON) to the
survey/directory. • Sanitization: Absent; the workflow incorporates external metadata directly into prompts for writing and citation validation.
Audit Metadata