screening-manager

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/run.py dynamically computes the repository root by traversing parent directories to locate AGENTS.md and appends this path to sys.path. This enables the script to import local modules from a variable location, which is a form of dynamic loading from computed paths.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external content from research protocols and candidate paper lists. This presents an indirect prompt injection surface where instructions embedded in abstracts or criteria could attempt to manipulate the agent's behavior.
    • Ingestion points: output/PROTOCOL.md, papers/papers_raw.jsonl, papers/papers_dedup.jsonl, and papers/core_set.csv.
    • Boundary markers: No delimiters or protective instructions are used when reading these files.
    • Capability inventory: The script performs file system read and write operations (papers/screening_log.csv).
    • Sanitization: No sanitization or validation of input text is performed before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 06:47 AM