skills/sxg/science/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection.
  • Ingestion points: The content of the manuscript provided via manuscript_path is read in Step 1 and directly interpolated into the prompts for both the 'Statistical Reviewer' and 'Academic Reviewer' tasks in Step 2 via the {full_manuscript_content} variable.
  • Boundary markers: Absent. The manuscript content is placed within the prompt strings without the use of XML tags, triple backticks, or other delimiters that would help the model distinguish between instructions and data. There are also no instructions to the subagents to ignore potential commands embedded within the paper.
  • Capability inventory: The skill uses the Read tool to access local files, the Task tool to spawn subagents, and the Write tool to create a review file on the local filesystem (Step 6).
  • Sanitization: Absent. No logic is present to filter, escape, or validate the content of the manuscript before it is processed by the LLM subagents.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:43 PM