revision-coordinator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to process untrusted external data (manuscripts and reviewer feedback), which creates a vulnerability surface for indirect prompt injection.
  • Evidence Chain:
    1. Ingestion points: phase0-intake.md (Task 1 and Task 2) directs the agent to read full manuscripts and feedback items.
    2. Boundary markers: The instructions lack specific requirements for boundary markers (e.g., XML tags or clear 'ignore instructions' prefixes) to isolate the data from the system prompt.
    3. Capability inventory: The skill possesses file-write capabilities across multiple phases (writing to revision/ directory). It does not have network access or administrative shell permissions.
    4. Sanitization: No sanitization or validation logic is defined to prevent instructions embedded within the manuscripts or feedback from influencing the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:29 PM