latte-review-guide
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the 'lattereview' package via pip. This is a standard procedure for research tools and targets a legitimate library hosted on public registries.
- [INDIRECT_PROMPT_INJECTION]: The skill processes paper abstracts and titles from external CSV files, which is a potential surface for indirect prompt injection where data content could attempt to influence AI decisions. However, this is the primary intended function of the literature review tool.
- Ingestion points: External data is loaded from files like 'scopus_export.csv' and 'papers.csv' in 'SKILL.md'.
- Boundary markers: None are explicitly shown in the provided Python code snippets.
- Capability inventory: The skill uses LLM providers to screen papers and extract data, with capabilities to write structured results to 'extracted_data.csv' and generate image files.
- Sanitization: No specific sanitization or filtering of abstract content is demonstrated in the examples.
Audit Metadata