research-apply
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious instructions or suspicious code patterns were detected. The skill operates exclusively on local project files to manage research workflows.
- [PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection because it reads and follows instructions from local files like tasks.md and experiment-plan.md. Given its purpose as a research coordinator, this is an inherent operational characteristic rather than a vulnerability.
- Ingestion points: Files located at research/idea.md, research/proposals/Pxx-/tasks.md, and research/proposals/Pxx-/experiment-plan.md.
- Boundary markers: Absent; there are no specific delimiters used to isolate the content of these files from the agent's instructions.
- Capability inventory: The skill updates local markdown logs (experiment-report.md, evidence-ledger.md) and executes tasks as defined in research proposals.
- Sanitization: Content from ingested files is not sanitized or escaped before processing.
Audit Metadata