nsfc-code
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided proposal files (.tex, .md, .txt), which form an attack surface for indirect prompt injection. This risk is addressed by explicit agent instructions to treat the input as data to be analyzed rather than as instructions to be followed.
  1. Ingestion points: Proposal text is loaded from user-specified paths for ranking.
  2. Boundary markers: SKILL.md directs the agent to ignore any commands or instructions embedded within the analyzed text.
  3. Capability inventory: Reads local files, executes the included Python scripts for similarity ranking, and writes a Markdown report.
  4. Sanitization: The ranking script pre-processes LaTeX content to remove formatting and mathematical notation before analysis.
- [COMMAND_EXECUTION]: The agent is directed to use local Python scripts and basic shell commands like mkdir and cp to manage its internal workspace and generate reports. These actions are restricted to the skill's folder and a specific hidden directory, minimizing the security impact on the host environment.
Audit Metadata