nsfc-research-content-writer
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains multiple Python scripts in the `scripts/` directory intended for local validation of the grant proposal content and the skill's own configuration.
- [COMMAND_EXECUTION]: The script `scripts/run_checks.py` executes other local scripts using `subprocess.run()`. This is implemented using safe list-based arguments without shell execution, effectively preventing command injection.
- [DATA_EXFILTRATION]: The skill instructions define a protocol for reporting bugs to the author's GitHub repository (`huangwb8/bensz-bugs`) using the `gh` tool. This is a documented developer feature triggered by specific user requests and targets a whitelisted domain with no access to sensitive system files.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and processes user LaTeX files from the provided project directory.
  - Ingestion points: Reads existing `.tex` files and project data from the user-specified `project_root`.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions for the content read from the file system.
  - Capability inventory: Ability to write to three specific LaTeX output files as defined in `config.yaml` and execute local Python validation scripts.
  - Sanitization: Input from user files is processed without explicit sanitization or validation of the text content.
Audit Metadata