citation-injector

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The instructions provide clear, safety-oriented guidelines for the AI, specifically forbidding the invention of facts or citations (NO NEW FACTS).
  • Data Exposure & Exfiltration (SAFE): The skill is declared network-less, and the script does not contain any calls to external APIs or network libraries. It only accesses files within the local workspace.
  • Remote Code Execution (SAFE): The validation script run.py uses regular expressions to parse citations and does not utilize unsafe functions such as eval() or exec().
  • Obfuscation (SAFE): No obfuscated strings, multi-layer encoding, or hidden Unicode characters were identified in the codebase.
  • Indirect Prompt Injection (LOW): The skill has an indirect prompt injection surface because it processes external draft content. Evidence chain:
      1. Ingestion points: output/DRAFT.md, output/CITATION_BUDGET_REPORT.md
      2. Boundary markers: absent
      3. Capability inventory: file writing via atomic_write_text and LLM-guided draft modification
      4. Sanitization: absent, though the script limits its own logic to regex-based citation extraction
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:08 PM