Skills
skills/fmschulz/omics-skills/science-writing/Gen Agent Trust Hub

science-writing

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [External Downloads] (LOW): The skill requires the requests library and interacts with the external CrossRef REST API (api.crossref.org). While CrossRef is a reputable academic service, the domain is not on the predefined whitelist.
  • [Command Execution] (LOW): The skill utilizes the Bash tool to execute a local Python script for DOI validation and metadata retrieval.
  • [Indirect Prompt Injection] (LOW): The skill is designed to process user-provided bibliography files and manuscript sections which could be used as an attack surface for command injection or prompt manipulation.
  • Ingestion points: Bibliography files (.bib, .txt) and manuscript drafts provided as user input.
  • Boundary markers: Absent; there are no specific instructions or delimiters used to isolate untrusted data during processing.
  • Capability inventory: The skill has access to Bash, WebFetch, Read, Write, and Edit tools.
  • Sanitization: There is no evidence of input validation or sanitization for strings like DOIs or filenames before they are passed to shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 05:19 PM