tech-article-reproducibility

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and evaluate untrusted technical article drafts via a subagent.
      * Ingestion points: Article content enters the context through the file path specified in the subagent template in SKILL.md.
      * Boundary markers: Absent; there are no delimiters or specific instructions to the subagent to ignore embedded commands within the draft text.
      * Capability inventory: The skill utilizes 'WebFetch' to perform network requests based on content found in the articles.
      * Sanitization: Absent; draft content is interpolated directly into the evaluation prompt without validation.
  • [EXTERNAL_DOWNLOADS]: The skill uses the 'WebFetch' tool to verify the availability of URLs contained within the analyzed articles. This involves establishing outbound network connections to arbitrary, non-whitelisted domains provided by external data.
  • [DATA_EXFILTRATION]: The skill documentation includes a hardcoded absolute file path ('/Users/mz/.claude/skills/tech-article-reproducibility/SKILL.md') in its subagent template. This reveals a local username and environment-specific folder structure, representing a minor exposure of local system metadata.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 12:48 AM