report-writing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (PDFs, URLs, PMIDs) and interpolates them into a structured report pipeline.
- Ingestion points: Step 2 (pdf-reader) and Step 3 (note-writer) process external documents and PMID-linked content.
- Boundary markers: Absent. There are no explicit instructions to ignore embedded prompts within the source materials.
- Capability inventory: The skill orchestrates file reading (
pdf-reader) and writing (note-writer,report-formatter). While it includes a pseudo-code Python loop for checkpoints, the skill itself acts as a markdown instruction set rather than a standalone script. - Sanitization: Absent. Content is passed from the reader to the writer and validator without explicit sanitization layers.
- [Persistence Mechanisms] (SAFE): The skill utilizes a JSON checkpoint mechanism (
save_checkpoint) to track progress. This is a legitimate functional requirement for long-running document processing tasks and does not involve system-level persistence (e.g., cron, registry keys).
Audit Metadata