peer-review
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local Python scripts. Specifically, it runs 'scripts/generate_schematic.py' to create scientific diagrams and 'skills/scientific-slides/scripts/pdf_to_images.py' to convert presentation PDFs into image files for review.
- [PROMPT_INJECTION]: The skill workflow is susceptible to indirect prompt injection through its document analysis capabilities.
  1. Ingestion points: The agent reads and processes untrusted manuscript and presentation files (SKILL.md).
  2. Boundary markers: Absent; there are no instructions to differentiate between user-provided evaluation criteria and potentially malicious instructions embedded in the analyzed PDFs.
  3. Capability inventory: The skill has access to the Bash, Read, Write, and Edit tools, allowing it to modify files and execute commands based on the content of external documents (SKILL.md).
  4. Sanitization: Absent; the skill does not validate or filter content extracted from documents before processing it.
- [SAFE]: The skill includes promotional content and links to 'www.k-dense.ai', which are identified as legitimate resources belonging to the skill author K-Dense Inc. (wu-yc) and do not represent a security risk.
Audit Metadata