Skills
skills/dw-dengwei/skills/interactive-intro-writer/Gen Agent Trust Hub

interactive-intro-writer

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core functionality of processing external data.
  • Ingestion points: According to SKILL.md and README.md, the agent accepts user-provided .tex files, "scattered notes", and "method descriptions" for processing.
  • Boundary markers: Absent. The instructions do not define delimiters or provide specific instructions for the agent to treat input data as non-executable text.
  • Capability inventory: The skill is granted Read, Write, Edit, and Bash tool access as defined in SKILL.md.
  • Sanitization: Absent. There is no evidence of input validation, filtering, or escaping for the data ingested during the dialogue or file-reading phases.
  • [COMMAND_EXECUTION]: The skill's configuration in SKILL.md requests the Bash tool in the allowed-tools metadata. While the primary workflow described involves using Read and Edit for LaTeX files, the inclusion of a shell environment alongside tools that process untrusted external files creates a larger attack surface than necessary for a text-polishing task.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 11:50 PM