peer-review
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from scientific manuscripts and grant proposals.
  * Ingestion points: Manuscript files, grant applications, and presentation images extracted from PDFs.
  * Boundary markers: There are no explicit markers or instructions telling the agent to ignore potentially malicious commands embedded in the documents.
  * Capability inventory: The agent is permitted to use Bash, Write, Edit, and Read tools, which could be exploited.
  * Sanitization: No sanitization or validation of the input content is performed.
- [COMMAND_EXECUTION]: The skill executes local Python scripts via Bash to generate schematics and process slide decks (e.g., scripts/generate_schematic.py and skills/scientific-slides/scripts/pdf_to_images.py). These are vendor-internal resources from plurigrid and represent the intended functionality of the toolkit.
Audit Metadata