paper-evaluator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to install dependencies using 'pip install pdfplumber pypdf python-docx'. While these are well-known and legitimate libraries for handling PDF and Word documents, they involve the execution of external setup commands.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs third-party Python packages from public registries. These packages are widely used for the skill's primary purpose of document analysis.
- [REMOTE_CODE_EXECUTION]: The skill includes Python code snippets for document parsing. The agent is expected to execute this code locally to extract text from 'paper.pdf' and 'paper.docx' for analysis.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from external documents which are then analyzed by the AI.
  - Ingestion points: Text is extracted from user-provided files such as 'paper.pdf' or 'paper.docx' in Phase 1-2.
  - Boundary markers: There are no explicit delimiters or 'ignore' instructions implemented to prevent the AI from following commands that might be embedded within the academic papers being evaluated.
  - Capability inventory: The agent has the capability to read files from the local filesystem and execute Python code for extraction purposes.
  - Sanitization: The skill lacks mechanisms to sanitize or filter the extracted text before it is used as input for the subsequent evaluation phases.
Audit Metadata