NYC

peer-review-simulator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, NO_CODE
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill describes a workflow that ingests and analyzes untrusted external data (manuscripts) using highly privileged tools.
  • Ingestion points: Processes external manuscripts as defined in the 'Usage Guidelines' (Load manuscript, Analyze structure).
  • Boundary markers: Absent; no instructions are provided to the agent to delimit or ignore instructions within the manuscript.
  • Capability inventory: The skill is granted 'Bash' and 'Write' permissions in the 'allowed-tools' section, allowing command execution and file modification.
  • Sanitization: Absent; there is no mention of filtering, escaping, or validating the manuscript content.
  • Risk: An attacker could embed malicious commands in a manuscript that the agent might execute via Bash or Write tools during the analysis phase.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:55 AM