paper-writing-section
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to read and process external research data, creating a surface where malicious instructions embedded in those files could influence the agent's behavior.
- Ingestion points: The skill reads local LaTeX (.tex) files, experiment logs, and result files as specified in the SKILL.md workflow and the optional context file argument ($1).
- Boundary markers: Absent. The refinement templates in
references/refinement-prompts.mdinterpolate the section content directly into the prompt without using delimiters or instructions to ignore embedded commands. - Capability inventory: The skill possesses file-read capabilities for local paths. No high-risk capabilities like network access, subprocess execution, or persistent system modification were detected in the provided files.
- Sanitization: There is no evidence of content sanitization or validation to ensure that ingested data only contains expected academic text rather than hidden prompts.
Audit Metadata