citation-diversifier
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes an internal Python script (.codex/skills/citation-diversifier/scripts/run.py) to generate reports. This is a standard and expected behavior for a deterministic helper within a skill's package.
- [DATA_EXFILTRATION] (SAFE): The skill interacts with local project files such as output/DRAFT.md and citations/ref.bib. It explicitly states "Network: none", and there are no commands present that facilitate network communication or data transmission.
- [PROMPT_INJECTION] (SAFE): The instructions focus on task-specific constraints (e.g., "NO NEW FACTS", "Only use keys already present"). No attempts to override system safety guidelines or extract internal prompts were identified.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns involving the download and execution of external code (such as curl-to-bash) were found.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill ingests untrusted data from project files (DRAFT.md, ref.bib), the scope of action is limited to generating a constraint report and suggesting bibliography keys. The potential for a multi-step attack via these files is negligible given the narrow focus on citation keys.
Audit Metadata