q-scholar
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface within the topic fine-tuning (q-tf) workflow.
  - Ingestion points: Untrusted document text is ingested from local Excel files during the reclassification process in q-tf/scripts/classify_outliers.py.
  - Boundary markers: User-provided document content is interpolated into foundation model prompts using a simple "Document:\n{document}" pattern, without specialized delimiters or escaping.
  - Capability inventory: The processing script can perform network operations to the Gemini API and write results to the local file system.
  - Sanitization: No explicit sanitization or validation of the input document text was found prior to prompt construction.
- [COMMAND_EXECUTION]: The skill requires the agent to execute multiple local Python scripts (e.g., run_eda.py, update_excel_with_labels.py, generate_implementation_plan.py) via the shell. This is a standard functional requirement for performing exploratory data analysis and topic modeling on local datasets.
- [EXTERNAL_DOWNLOADS]: The q-tf sub-skill interfaces with the Google Gemini API via the google-genai library to classify outlier data. This involves communicating with a well-known technology provider's service.
- [DATA_EXFILTRATION]: Document text from the user's research datasets is transmitted to the Google Gemini API for classification. While this is an intended feature of the outlier workflow, it represents a flow of potentially sensitive academic data to an external service.
Audit Metadata