citation-audit
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill identifies a surface for indirect prompt injection due to its core function of processing untrusted external documents (academic papers).
- Ingestion points: External papers provided by the user or retrieved via the
WebFetchtool. - Boundary markers: The skill instructions lack explicit XML or unique delimiters for untrusted content, though the highly structured multi-step process and defined output tables act as implicit constraints.
- Capability inventory: Includes
WebSearch,WebFetch,Read, andWrite(to output the audit report). - Sanitization: No explicit sanitization or instruction to ignore embedded commands within the analyzed papers is present.
- Data Exposure & Exfiltration (SAFE): The skill uses network-enabled tools (
WebSearch,WebFetch) solely for their primary stated purpose of citation verification. No patterns of accessing sensitive local files or hardcoded credentials were found. - Unverifiable Dependencies (SAFE): The skill does not define or install external software packages and relies on standard agent tools.
Audit Metadata