research-pipeline-runner
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes repository-local Python scripts (
scripts/pipeline.py) to perform operations like workspace initialization, pipeline state management, and checkpoint verification. These scripts are used as deterministic helpers for the skill's coordination logic. - [EXTERNAL_DOWNLOADS]: The pipeline runner indicates network dependency for fetching papers from arXiv and verifying citations. These operations target well-known academic services and are directly related to the primary research functionality of the skill.
- [PROMPT_INJECTION]: The skill processes untrusted data from user goals and external research documents, creating an indirect prompt injection surface.
- Ingestion points: User-provided research topics/requests and content retrieved from external PDFs or arXiv searches.
- Boundary markers: Uses a structured
UNITS.csvfile as an execution contract and implements mandatory human approval checkpoints (CHECKPOINTS.md) before progressing to prose generation. - Capability inventory: Subprocess execution for pipeline management and file-system write operations restricted to the
workspaces/subdirectory. - Sanitization: The skill relies on structured task breakdown and human review rather than explicit string sanitization to manage untrusted content.
Audit Metadata