nsfc-writer
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is architected to ingest and refine sensitive user-provided academic data, including research abstracts, proposal drafts, and personal CVs (as seen in the workflows of `SKILL.md` and `framework-guide.md`).
  - Ingestion points: Untrusted data enters the agent context through chat interactions and the `AskUserQuestion` tool throughout the multi-step writing process.
  - Boundary markers: The skill lacks explicit delimiters or specific instructions to the agent to treat user-provided data as potentially adversarial or to ignore instructions embedded within research materials.
  - Capability inventory: The skill utilizes `WebSearch` and MCP-integrated scholarly tools (PubMed, Semantic Scholar). It also instructs the agent to generate and save reports (e.g., `点评结果.md` in `expert-scoring.md`).
  - Sanitization: There is no evidence of sanitization, escaping, or validation of user-provided content before it is processed by the writing and reviewer modules.
- [SAFE]: No executable code or scripts (.py, .js, .sh) are included in the skill. All literature search operations target well-known, trusted academic services (PubMed, Semantic Scholar). No hardcoded credentials or unauthorized network operations were detected.