research-paper-writer
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it encourages the agent to ingest external, untrusted research data.
- Ingestion points: In SKILL.md, the workflow explicitly instructs the agent to "Review any provided research materials, data, or references" to understand the domain and technical background for the paper.
- Boundary markers: The skill does not define specific delimiters or "ignore instructions" guards when the agent processes these external materials, which could allow an attacker to embed instructions within a document to alter the agent's behavior.
- Capability inventory: The skill's primary capability is generating structured, authoritative academic text. While the index.js file is a boilerplate placeholder with no functional system access, the risk remains that the agent could be manipulated into producing biased or malicious scholarly content if the input data is poisoned.
- Sanitization: The skill lacks any instructions or logic for sanitizing or validating the content of the research materials provided by the user.
Audit Metadata