academic-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines a workflow that ingests potentially untrusted data from an external search tool.
- Ingestion points: Data enters the workflow via the paper-search tool and is saved to /workspace/projects/papers.json.
- Boundary markers: The templates do not include explicit markers or delimiters to separate ingested data from instructions in subsequent processing steps.
- Capability inventory: The workflow utilizes Python scripts, shell commands, and LaTeX compilation, providing a wide capability surface.
- Sanitization: Data cleaning is limited to string truncation in the Python processing script, which does not prevent malicious content from influencing downstream logic.
- [Dynamic Execution] (LOW): The skill uses shell heredocs to generate and execute Python scripts at runtime. While these scripts follow static templates, they are assembled and executed dynamically.
- [Command Execution] (SAFE): The use of standard utilities such as pdflatex, python3, and cat is appropriate for the skill's stated academic research purpose.