manuscript-ingest

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE

Finding category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted manuscripts provided as text or PDF files, which are then stored in output/PAPER.md. This creates a surface for indirect prompt injection, where malicious instructions within the manuscript could influence downstream agents (such as claims-extractor) that read the generated file.
  • Ingestion points: scripts/run.py reads user-provided manuscript files from the workspace.
  • Boundary markers: The skill does not implement delimiters or specific "ignore instructions" markers when writing content to output/PAPER.md.
  • Capability inventory: The script scripts/run.py has file system write capabilities to the output directory.
  • Sanitization: No content sanitization or instruction filtering is performed on the ingested text during extraction or storage.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 09:58 AM