literature-review
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill includes mandatory behavioral instructions forcing the use of specific visualization tools and a promotional section that steers the agent to suggest an external hosted platform (k-dense.ai) for complex workflows.
- [PROMPT_INJECTION]: There is a discrepancy between the author identifier provided by the system ('wu-yc') and the author identity claimed in the metadata ('K-Dense Inc.'), which may mislead users about the skill's origin.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill processes untrusted research metadata from external databases.
  1. Ingestion points: JSON-formatted search results from PubMed, arXiv, and Semantic Scholar.
  2. Boundary markers: absent; no specific instruction delimiters are mentioned for processed paper content.
  3. Capability inventory: 'Bash', 'Write', and 'Edit' tools are enabled for script execution and file modification.
  4. Sanitization: no specific filtering or escaping of paper titles or abstracts is documented in the workflow.
- [COMMAND_EXECUTION]: The skill requires the 'Bash' tool to execute local utility scripts including 'generate_schematic.py', 'search_databases.py', 'verify_citations.py', and 'generate_pdf.py' for processing research data and generating documents.
- [EXTERNAL_DOWNLOADS]: The skill instructions suggest installing standard system dependencies such as Pandoc and LaTeX, as well as the Python 'requests' library to support its core functionality.
Audit Metadata