citation-injector
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected in the skill's instructions or the associated Python script.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads and writes files within the local workspace (output/DRAFT.md, output/CITATION_BUDGET_REPORT.md, citations/ref.bib). These operations are consistent with the skill's stated purpose of citation management and do not involve sensitive directory access, hardcoded credentials, or network exfiltration.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies and processes external draft and budget data for citation updates.
- Ingestion points: Reads output/DRAFT.md and output/CITATION_BUDGET_REPORT.md in scripts/run.py.
- Boundary markers: No delimiters or boundary markers are used for the external content.
- Capability inventory: The skill possesses file system write capability to output/DRAFT.md and output/CITATION_INJECTION_REPORT.md.
- Sanitization: The Python script uses a strict regular expression [A-Za-z0-9:_-]+ to validate citation keys before inserting them into hardcoded sentence templates, ensuring the output remains purely informational markdown.
Audit Metadata