bibliography-builder
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute local shell commands, specifically `git` for maintaining a versioned trail of the bibliography progress and `grep` for verifying that citation extraction from the manuscript was successful.
- [REMOTE_CODE_EXECUTION]: The skill includes Python code snippets (located in `phase1-extraction.md`) intended for the agent to execute locally to perform normalization, deduplication, and parsing of citation data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted manuscript content.
  - Ingestion points: User-provided manuscript file (`manuscript.md`) and the local bibliography library (`references.bib`).
  - Boundary markers: No explicit markers or 'ignore' instructions are used when reading external content.
  - Capability inventory: Subprocess execution (`git`, `grep`), file writing (`bibliography/bibliography.md`), and Python code execution.
  - Sanitization: The skill relies on specific regular expressions to extract citations, which provides a level of structural validation but does not sanitize the input against sophisticated instructions embedded within text that matches the citation pattern.
Audit Metadata