nsfc-abstract
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
validate_abstract.pyandwrite_abstracts_md.py) to perform deterministic character counting and enforce formatting constraints on the generated abstracts. These scripts are bundled with the skill and do not interact with external networks or untrusted binaries.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes user-provided research descriptions. (1) Ingestion points: User-supplied research objects, problems, and content provided via input prompts or theinfo_form.mdtemplate. (2) Boundary markers: Output is delimited by specific marker tags (e.g., [ZH], [EN]) and Markdown headings as defined inconfig.yaml. (3) Capability inventory: Executes local Python scripts and writes to the local filesystem. (4) Sanitization: Thewrite_abstracts_md.pyscript contains a_is_safe_filenamefunction that prevents path traversal and restricts file writing to the current working directory, effectively mitigating common file-system-based injection risks.
Audit Metadata