heuristic-template

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's architecture is designed to execute external shell scripts for document evaluation, as evidenced by the 'DeterministicCheck' contract in 'references/contracts.md' and the 'rubric-template.md' which references specific script paths like 'scripts/check_body_sections.sh'. While no scripts are provided in the skill package, this framework encourages the use of command-line tools, which could lead to unauthorized command execution if malicious configurations are provided or if the agent is induced to create harmful scripts.
  • [PROMPT_INJECTION]: The skill lacks sufficient boundary markers or 'ignore' instructions when processing untrusted content from the various ingestion points defined in 'GenerationSpec' (e.g., databases, APIs, uploaded documents). This creates a vulnerability to indirect prompt injection during the iterative 'generate' and 'revise' phases.
    Mandatory Evidence Chain:
    1. Ingestion points: 'GenerationSpec' (sources) and 'SourceSpec' in 'references/contracts.md'.
    2. Boundary markers: Absent.
    3. Capability inventory: Shell script execution via 'DeterministicCheck' and file-write capabilities requested in 'SKILL.md' metadata.
    4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 03:40 AM