rubric-writer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an indirect prompt injection surface because it processes untrusted data from academic artifacts to generate a review.
- Ingestion points:
output/CLAIMS.md,output/MISSING_EVIDENCE.md, andoutput/NOVELTY_MATRIX.md. - Boundary markers: Absent. The instructions do not specify delimiters or tell the agent to ignore instructions embedded in the source markdown files.
- Capability inventory: None. The skill does not use
subprocess,exec, or network libraries. It only outputs a text-basedREVIEW.mdfile. - Sanitization: Absent. The inputs are used directly for reasoning without escaping or validation.
- Risk Assessment: The severity is low because the skill lacks the capabilities to perform exfiltration, file system modification (outside the output path), or command execution.
- [NO_CODE] (SAFE): The skill contains no executable scripts (Python, JS, Shell). It consists entirely of Markdown and YAML frontmatter, significantly reducing the attack surface for traditional exploits.
Audit Metadata