project-referee
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process external, untrusted machine learning papers, which presents an inherent surface for indirect prompt injection where a paper could contain hidden instructions to subvert agent behavior.
  - Ingestion points: Manuscript drafts provided by the user in `SKILL.md`.
  - Boundary markers: Absent. The instructions do not define specific delimiters or warnings to ignore embedded instructions within processed papers.
  - Capability inventory: `WebSearch` for finding citations and structured text generation.
  - Sanitization: No sanitization or validation of paper content is described.
- [Data Exposure & Exfiltration] (SAFE): Network operations are limited to the `WebSearch` tool for identifying missing citations, which is consistent with the skill's stated purpose. No sensitive file paths, environment variables, or hardcoded credentials were detected.
- [NO_CODE] (SAFE): The skill consists entirely of instructional markdown and does not include any executable scripts or package dependencies.
Audit Metadata