embodiment-description
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted input files to generate patent documentation.
- Ingestion points: Includes patent/INVENTION_DISCLOSURE.md, patent/CLAIMS.md, user-provided figures, and patent/figures/numeral_index.md.
- Boundary markers: The skill does not define specific delimiters or provide instructions to the agent to ignore embedded commands within the ingested files.
- Capability inventory: The skill utilizes Bash(*), Read, Write, Edit, Grep, and Glob tools as specified in the frontmatter.
- Sanitization: There is no evidence of input validation or content sanitization for the disclosure or claim files before they are processed by the agent.
- [COMMAND_EXECUTION]: The skill requires broad shell access via Bash(*). While intended for document processing tasks, this capability increases the potential impact of an indirect prompt injection attack where an input file could contain malicious shell commands.
Audit Metadata