nsfc-qc

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user data from LaTeX and BibTeX files, which creates an indirect prompt injection surface. The skill manages this risk through instructional boundaries and automated cleaning of the source files.
      • Ingestion points: Untrusted content is ingested from user-provided .tex and .bib files during the pre-check and multi-thread analysis phases.
      • Boundary markers: The skill employs highly structured prompts in scripts/run_parallel_qc.py that define specific roles, output requirements, and constraints for the AI agents.
      • Capability inventory: The skill can execute local TeX binary commands, perform network requests for metadata retrieval, and write analysis results to a dedicated workspace.
      • Sanitization: The _strip_comments function in scripts/nsfc_qc_precheck.py removes LaTeX comments from the documents before they are analyzed, which prevents the execution of hidden instructions embedded in comments.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to retrieve academic metadata and document fragments from well-known and trusted services, including Crossref, arXiv, and Unpaywall. These operations are core to the citation verification process and target legitimate academic infrastructure.
  • [COMMAND_EXECUTION]: The skill utilizes system-level TeX tools (such as xelatex and bibtex) via the subprocess module to compile documents and calculate page metrics. This execution is performed within an isolated snapshot directory to ensure that the original project source files are never modified or compromised.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 02:31 PM