manuscript-review

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied manuscripts (PDF, DOCX, LaTeX, Markdown), creating a surface for indirect prompt injection where malicious instructions embedded in the text could attempt to override agent behavior.
  • Ingestion points: Processes external manuscript files in multiple formats (SKILL.md, Workflow §1).
  • Boundary markers: Absent; the skill does not specify delimiters or instructions to isolate manuscript content from the agent's logic.
  • Capability inventory: The agent can read and write files and generates a readiness assessment that could be manipulated (SKILL.md, Steps 4 and 6).
  • Sanitization: No explicit sanitization or filtering of document content is described.
  • [COMMAND_EXECUTION]: The skill instructions allow the agent to invoke system tools to compile LaTeX source files.
  • Evidence: Instructions state the agent should "compile it" if only LaTeX source is provided (SKILL.md, Pass 12).
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 09:14 PM