scholar-evaluation
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts to facilitate research scoring and diagram generation.
- Evidence: `python scripts/generate_schematic.py "your diagram description" -o figures/output.png` and `python scripts/calculate_scores.py --scores <dimension_scores.json> --output <report.txt>`.
- These scripts are part of the skill's local directory and are intended for the primary purpose of visualizing and aggregating research evaluation data.
- [PROMPT_INJECTION]: The skill processes untrusted research documents, creating an attack surface for indirect prompt injection.
- Ingestion points: External research papers, proposals, abstracts, and literature reviews provided by the user (SKILL.md).
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded prompts within the documents being evaluated.
- Capability inventory: Local script execution and file writing to the `figures/` directory and report files.
- Sanitization: No explicit sanitization or validation of the input scholarly text is described prior to processing or script execution.
Audit Metadata