NYC

general-writing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill executes local Python scripts using the Bash tool with user-supplied keywords. If the keywords are not properly sanitized, an attacker could potentially execute arbitrary shell commands by including shell metacharacters such as semicolons or pipes.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it ingests output from external research processes without validation or boundary markers. Evidence Chain: (1) Ingestion points: research.md (referenced in Stage 2). (2) Boundary markers: Absent; no explicit delimiters or warnings to ignore embedded instructions are used. (3) Capability inventory: Bash, Write, Edit, Grep, Glob, and Read. (4) Sanitization: Absent; the content is consumed and integrated directly into the final article draft.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:41 PM