tooluniverse-literature-deep-research

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from academic databases (PubMed, Europe PMC, etc.), which is then synthesized into reports. This creates a surface for indirect prompt injection if the retrieved content contains malicious instructions.
  • Ingestion points: Data returned by EuropePMC_search_articles, SemanticScholar_get_pdf_snippets, and ArXiv_get_pdf_snippets as described in SKILL.md.
  • Boundary markers: The skill does not provide explicit boundary markers or instructions for the agent to ignore embedded prompts within the retrieved text snippets.
  • Capability inventory: The agent has the capability to write findings to local markdown files (e.g., [topic]_report.md) as specified in Phase 3 of SKILL.md.
  • Sanitization: The skill employs evidence grading (T1-T4) and theme clustering to validate scientific information, although these measures are not primarily designed for prompt safety.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 04:33 AM