review-paper

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to search for and read files from the local file system using directory patterns (e.g., ~/Dropbox/Github/) and globbing for specific file extensions like .tex, .pdf, and .docx.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external manuscript files. It lacks explicit boundary markers or instructions to ignore embedded agent commands within those files.
      • Ingestion points: Manuscript files provided via $ARGUMENTS or discovered through automated directory searches.
      • Boundary markers: Absent; there are no delimiters defined to separate the paper content from the agent's internal instructions.
      • Capability inventory: The skill has the ability to read local files and write a review report to the working directory.
      • Sanitization: None; document content is analyzed directly for review purposes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 10:41 AM