scientific-writing
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and a specific command template for the agent to execute a local Python script residing in another skill's directory.
  - Evidence: The `SKILL.md` file contains an example command: `uv run ~/.codex/skills/inno-figure-gen/scripts/generate_image.py`. This is intended to facilitate publication-style figure generation using a separate utility skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing external data.
  - Ingestion points: The agent is instructed to gather and process data from external sources, including "verified local notes," literature-search tool outputs, and general web literature (found in `SKILL.md`).
  - Boundary markers: The instructions lack explicit boundary markers or delimiters to isolate ingested data from agent instructions.
  - Capability inventory: The skill encourages the use of shell commands (via `uv run`) to interact with other scripts, which could be exploited if malicious instructions are embedded in the research data.
  - Sanitization: There are no established protocols for sanitizing or validating the content of research notes or literature before integration into the manuscript prose.
Audit Metadata