reviewing-ai-papers
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted external data (technical papers and blog posts), which creates an attack surface for indirect prompt injection. Ingestion points: The skill triggers on user-provided URLs or documents for content analysis. Boundary markers: There are no explicit instructions or delimiters defined in SKILL.md to isolate external content from the agent's logic. Capability inventory: The skill utilizes a
remember()function to write insights into the agent's cross-session memory, which could allow an attacker to 'poison' the agent's long-term context with malicious instructions. Sanitization: No evidence of content sanitization or validation is present in the skill's logic.
Audit Metadata