hypothesis-generation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions in `SKILL.md` are purely task-oriented. There are no attempts to bypass safety filters, extract system prompts, or override agent constraints.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, environment variables, or hardcoded credentials (API keys, tokens) were detected in any of the files.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not include any package manifest files (e.g., `package.json`, `requirements.txt`) or commands to install external software. No code execution patterns like `eval()`, `exec()`, or piped shell commands were found.
- [Obfuscation] (SAFE): All content is provided in clear-text Markdown. No Base64, zero-width characters, or hex-encoded strings were detected.
- [Persistence & Privilege Escalation] (SAFE): There are no commands related to system persistence (cron jobs, startup scripts) or privilege escalation (`sudo`, `chmod`).
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: The workflow in `SKILL.md` (Step 2) instructs the agent to use `WebFetch` and `WebSearch` to ingest external scientific literature.
  - Boundary markers: None explicitly defined to separate external search results from instructions.
  - Capability inventory: The skill is limited to text generation and does not have file-write or subprocess execution capabilities.
  - Sanitization: No sanitization logic is present for external data. This remains a low-level risk inherent to any skill that processes untrusted web content.
Audit Metadata