thesis-question-list
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes data from external files to generate its output.
  - Ingestion points: Reads from `codex_md/material_index.md`, `codex_md/missing_info.md`, and `claude_md/review_checklist.md`.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard embedded commands in the source files.
  - Capability inventory: The skill has file-system write capabilities via the included `scripts/run.py`.
  - Sanitization: No validation or sanitization is performed on the ingested content before it is processed into the `question_list.md` table.
- [COMMAND_EXECUTION]: The skill includes a Python script (`scripts/run.py`) designed to initialize the project workspace. The script uses the `pathlib` module to create directories and write a boilerplate markdown template to a path specified via the `--workspace` argument. These operations are limited to standard file system management within the provided workspace context.
Audit Metadata