claims-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to instructions embedded within the source manuscripts it processes.
- Ingestion points: Processes external files output/PAPER.md and DECISIONS.md, which contain untrusted content from research papers or manuscripts.
- Boundary markers: The workflow lacks explicit delimiters (like XML tags or clear section separators) to isolate the untrusted input text from the agent's instructions.
- Capability inventory: Limited to file system read/write operations (reading manuscripts and writing extracted claims). No network or command execution capabilities were found.
- Sanitization: No validation or sanitization of the input text is performed before the extraction process, allowing malicious payloads in the paper to potentially influence the agent's behavior during the normalization step.
Audit Metadata