idea-generation
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (research task descriptions, paper abstracts, and codebase context) through interpolation in prompts located in references/ideation-prompts.md. This architecture presents an indirect prompt injection surface.
  - Ingestion points: The variables {task_description}, {code}, and {idea} in references/ideation-prompts.md ingest data from the user or previously generated outputs.
  - Boundary markers: The prompts use XML-style tags (e.g., <experiment.py>) and triple-quote delimiters (""") to separate untrusted content from instructions, which provides some structural protection against accidental instruction following.
  - Capability inventory: The skill has the capability to perform network requests (via scripts/novelty_check.py) and write execution results to local files.
  - Sanitization: There is no explicit evidence of input validation, escaping, or filtering of the external content before it is interpolated into the agent context.
- [EXTERNAL_DOWNLOADS]: The scripts/novelty_check.py script performs network requests to the Semantic Scholar API (api.semanticscholar.org) to fetch literature metadata and abstracts. While the tool downloads external content at runtime, Semantic Scholar is a well-known service and the script uses standard library functions with secure URL encoding for its parameters.
Audit Metadata