nsfc-ref-alignment
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates network requests to 'api.crossref.org' and 'api.openalex.org' to perform DOI validation. These are established scholarly metadata providers and are treated as safe sources according to the trust guidelines.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting untrusted text from user-provided LaTeX and BibTeX files, which is subsequently provided to the host AI for semantic analysis. Maliciously formatted content within these files could attempt to subvert the AI's reasoning.
  - Ingestion points: Document text and metadata are read through 'latex_scanner.py' and 'bib_utils.py'.
  - Boundary markers: Although the data is passed in a structured JSON format, the skill does not implement specific boundary markers or delimiters in the text fields to instruct the AI to ignore potential instructions embedded in the data.
  - Capability inventory: The skill's write operations are restricted to the '.nsfc-ref-alignment/' directory and the user-defined 'references/' folder. It does not include functionality for arbitrary command execution or unauthorized network communication for data exfiltration.
  - Sanitization: While the script strips LaTeX comments, no specific sanitization or filtering is performed on the extracted content to mitigate prompt injection risks.
Audit Metadata