evidence-binder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill instructions include executing a local Python script at .codex/skills/evidence-binder/scripts/run.py. While no remote execution is detected, local script execution is a baseline capability that requires trust in the skill's source code.
- PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection surface (Category 8) because it processes untrusted input from several files. Evidence Chain:
  1. Ingestion points: outline/subsection_briefs.jsonl, outline/mapping.tsv, papers/evidence_bank.jsonl, and citations/ref.bib.
  2. Boundary markers: Absent; the skill does not define delimiters to separate data from instructions.
  3. Capability inventory: File-system read and write access via Python script execution.
  4. Sanitization: Absent; no validation or escaping of external content is specified.
Audit Metadata