lit-review

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through user-supplied input.
    • Ingestion points: Research topics, questions, or draft papers provided by the user in Step 1.
    • Boundary markers: Absent. There are no instructions for the agent to distinguish between the research data and instructions, making it possible for a malicious 'draft paper' to redirect the agent's tasks.
    • Capability inventory: Uses WebSearch, WebFetch, Write, and Task, which could be abused if an injection occurs (e.g., forcing searches to malicious domains or writing unauthorized files).
    • Sanitization: No sanitization or validation of the input content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 10:39 AM