revision-coordinator

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local system commands git add and git commit to manage version history for manuscript files during the revision process.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes manuscript text and reviewer feedback provided by the user. If these inputs contain malicious instructions, the agent might execute them when generating tasks for sub-agents.
      • Ingestion points: Files located in manuscript/ and revision/feedback.md.
      • Boundary markers: The skill uses templates to separate instructions from data, but does not implement explicit safety delimiters (like XML tags with 'ignore instructions' warnings) around the interpolated user content.
      • Capability inventory: Includes spawning Task agents with full context, writing files, and executing git commands.
      • Sanitization: No evidence of input sanitization or filtering for the manuscript or feedback content.
  • [DYNAMIC_EXECUTION]: The skill dynamically assembles prompts for sub-agents (e.g., in Phase 2: Skill Dispatch) by interpolating raw text from the manuscript and feedback into 'Task' templates. This could lead to the sub-agent following instructions embedded in the manuscript instead of the coordinator's instructions.
  • [EXTERNAL_DOWNLOADS]: The skill references the use of external academic services such as the OpenAlex API for literature searches and Zotero for reference management via sub-skills like lit-search and peer-reviewer.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 05:27 AM