research-review

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and processes local research files to provide context for reviews.
    • Ingestion points: The skill reads files such as STORY.md, README.md, paper drafts, and notes using the Read, Grep, and Glob tools (SKILL.md).
    • Boundary markers: Absent; the research context is directly interpolated into prompt templates without delimiters or protective instructions.
    • Capability inventory: The agent has permissions for Write, Edit, and Bash, which could be leveraged to modify project files or execute commands based on output from the external LLM.
    • Sanitization: No evidence of sanitization or validation of ingested project content before transmission to the external review tool.
  • [DATA_EXFILTRATION]: The skill transmits project context and research results to an external LLM via the Codex MCP server. This behavior is documented and essential to the skill's primary function.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 10:05 AM