paper-assembly

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from the user-specified project directory to guide the agent's workflow.
  • Ingestion points: The assembly_checker.py script reads the content of .tex and .bib files located in the project directory.
  • Boundary markers: No explicit delimiters or safety instructions are used to distinguish untrusted file content from the skill's instructions.
  • Capability inventory: Based on file analysis, the skill directs the agent to invoke other skills and to run local Python scripts.
  • Sanitization: There is no evidence of sanitization or filtering of the content read from the project files.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (assembly_checker.py) with a user-provided directory path as its argument. While the script performs legitimate project analysis using standard libraries, running a shell command with a user-controlled path argument carries a minor risk of path traversal or unexpected file access if the path is not properly validated.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 07:28 AM