citation-diversifier

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a risk of indirect prompt injection due to its handling of untrusted data from local workspace files. Instructions maliciously embedded in bibliography keys or draft text could be extracted and included in the output report, which is intended for consumption by another agent component.
  • Ingestion points: The skill reads and parses output/DRAFT.md, outline/outline.yml, and citations/ref.bib within the scripts/run.py script.
  • Boundary markers: There are no explicit boundary markers or instructions within the processing logic to distinguish between data content and potential embedded commands.
  • Capability inventory: The script is capable of writing formatted markdown to the local file system at output/CITATION_BUDGET_REPORT.md.
  • Sanitization: Sanitization is limited to regex-based extraction of citation keys and simple string normalization, which does not prevent the inclusion of natural language instructions in the output.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 01:59 PM