paper-notes

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted research paper data, which can serve as a vector for indirect prompt injection.
  • Ingestion points: Paper metadata and full text are ingested from papers/core_set.csv, papers/fulltext_index.jsonl, and papers/fulltext/*.txt files via the scripts/run.py processing script.
  • Boundary markers: None identified; extracted evidence snippets are placed directly into papers/evidence_bank.jsonl without the use of delimiters or 'ignore instructions' warnings.
  • Capability inventory: The skill's primary script scripts/run.py is limited to local file system reads and writes using standard library functions and a local helper module. It does not possess network access or arbitrary command execution capabilities.
  • Sanitization: The extraction logic in scripts/run.py uses regex-based sentence splitting but does not include any sanitization, validation, or filtering of the content to prevent embedded instructions from influencing downstream agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 11:10 AM