evidence-selfloop

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected. The skill ingests untrusted data from 'queries.md' and various JSONL files in the 'outline/' and 'papers/' directories.
    1. Ingestion points: 'queries.md', 'outline/subsection_briefs.jsonl', 'outline/evidence_bindings.jsonl', 'outline/evidence_drafts.jsonl'.
    2. Boundary markers: absent; no explicit delimiters or instructions to ignore nested prompts were found in the documentation.
    3. Capability inventory: executes local Python scripts via CLI (subprocess) that generate markdown reports.
    4. Sanitization: absent; the skill does not mention validation or escaping of ingested file content before analysis.
  • [DATA_EXPOSURE] (SAFE): The skill reads project-specific artifacts but does not attempt to access sensitive system files, environment variables, or hardcoded credentials.
  • [EXTERNAL_DOWNLOADS] (SAFE): No remote URLs, external packages, or downloads were identified in the skill configuration.
  • [COMMAND_EXECUTION] (SAFE): Standard invocation of a local script provided with the skill ('scripts/run.py') for data processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:07 PM