skills/wanshuiyin/auto-claude-code-research-in-sleep/comm-lit-review-claude-single/Gen Agent Trust Hub
comm-lit-review-claude-single
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks.
  - Ingestion points: The skill ingests untrusted data by reading local PDFs from 'papers/' and 'literature/' directories and fetching content from external sites like IEEE Xplore, ScienceDirect, and ACM Digital Library (SKILL.md).
  - Boundary markers: Absent. The instructions do not include delimiters or warnings to ignore instructions embedded within the research material.
  - Capability inventory: The skill allows access to 'Bash(*)', 'Read', 'Write', and 'WebFetch' (SKILL.md).
  - Sanitization: Absent. There is no evidence of filtering or sanitization of the content retrieved from external sources.
- [COMMAND_EXECUTION]: The skill enables the 'Bash(*)' tool, which provides the agent with extensive command-line capabilities. While this is intended for file management and processing, the broad scope of the tool increases the potential impact if the agent is manipulated via malicious content in a paper.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from well-known academic services including 'ieeexplore.ieee.org', 'sciencedirect.com', and 'dl.acm.org' to provide research summaries.