taxonomy-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is vulnerable to malicious instructions embedded within the untrusted paper data it processes.
    • Ingestion points: The skill ingests data from papers/core_set.csv and papers/papers_dedup.jsonl (Workflow step 1).
    • Boundary markers: There are no delimiters or instructions to ignore embedded commands when the agent 'skims' or 'clusters' the data.
    • Capability inventory: The skill allows the agent to execute a local Python script (scripts/run.py) and write to the file system (outline/taxonomy.yml).
    • Sanitization: No sanitization or validation of the input data is performed before it is processed by the agent.
  • Command Execution (LOW): The skill documentation includes commands to run a local helper script (scripts/run.py). While the script is internal to the skill, this execution capability increases the potential impact of an injection attack.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:23 AM