research-review

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified through the processing of untrusted project data.
  • Ingestion points: The skill reads local project files including STORY.md, README.md, research paper drafts, and experiment notes using the Read, Grep, and Glob tools.
  • Boundary markers: Absent. The instructions do not define clear delimiters (e.g., XML tags or triple backticks) to separate the untrusted research content from the agent's instructions, nor do they include warnings to ignore embedded directives in the research text.
  • Capability inventory: The agent has access to powerful tools including Bash(*), Write, Edit, Agent, and external LLM communication tools (mcp__codex__codex, mcp__codex__codex-reply).
  • Sanitization: None. Content extracted from research files is interpolated directly into prompts sent to the external reviewer tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 03:14 AM