ml-paper-writing
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The file templates/neurips2025/Makefile includes an upgrade target that downloads a ZIP archive from media.neurips.cc using curl. This domain is not included in the list of trusted external sources, making the integrity of the downloaded content unverifiable through static analysis.
- COMMAND_EXECUTION (LOW): The Makefile in templates/neurips2025/ is designed to execute shell commands (curl, unzip, mv, rm) to update local LaTeX style files. While standard for build systems, these operations should be monitored when triggered by an agent.
- PROMPT_INJECTION (LOW): The skill documentation (arxiv-search-guide.md) and data structures (kaiming_he_injection_record.json) describe automated workflows for searching, extracting, and analyzing research papers from arXiv. This ingestion of external, untrusted content presents an indirect prompt injection surface.
  - Ingestion points: arXiv abstract pages, full paper content, and paper metadata extracted via Chrome MCP.
  - Boundary markers: None identified in the provided templates or guides.
  - Capability inventory: Automated pattern mining, text extraction, and knowledge base updating (writing to structure.md, writing-techniques.md).
  - Sanitization: No explicit sanitization or validation steps are documented for the incoming research data.
Audit Metadata