academic-research-suite

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)

Full Analysis
  • [COMMAND_EXECUTION]: The skill provides explicit shell commands for the agent to execute Node.js scripts located in sibling directories (e.g., node ../Pretty-mermaid-skills/scripts/render.mjs). This execution pattern relies on the presence and integrity of files outside the skill's own package, which can lead to arbitrary code execution if those neighboring locations contain malicious scripts.
  • [PROMPT_INJECTION]: The skill processes untrusted external data, including research papers and drafts, to perform synthesis and review tasks (Category 8: Indirect Prompt Injection).
    • Ingestion points: Document content processed in search-synthesis.md and draft content in review-simulator.md.
    • Boundary markers: Absent. The instructions do not define clear delimiters or provide warnings to the agent to ignore instructions embedded within the processed text.
    • Capability inventory: Generation and execution of Python/Matplotlib code, as well as shell command execution for rendering diagrams.
    • Sanitization: Absent. External text is processed directly to generate summaries and reviews, creating a pathway for malicious content to influence agent logic.
  • [SAFE]: The skill references specific repositories from 'anthropics', which is a trusted organization. Such references are documented as safe for integration purposes.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 02:06 AM