paper-write-sci
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands such as 'make', 'latexmk', and 'xelatex' to compile LaTeX projects as part of its core functionality, with configurations defined in 'config.yaml'.
- [COMMAND_EXECUTION]: The skill executes a local Python script 'scripts/prepare_workspace.py' to initialize run directories and generate runtime manifests.
- [DATA_EXFILTRATION]: The skill records internal error logs to '~/.bensz-skills/bugs/' and provides instructions for the agent to upload these logs to the author's GitHub repository ('huangwb8/bensz-bugs') using the 'gh' CLI tool, only upon explicit user request.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted user-provided LaTeX source files and research notes.
  1. Ingestion points: Reads editable '.tex' files and Markdown notes as described in 'SKILL.md' and 'README.md'.
  2. Boundary markers: No explicit delimiters or safety warnings are implemented to isolate processed content from instructions.
  3. Capability inventory: Includes file system writes, document build command execution, and network operations via the GitHub CLI.
  4. Sanitization: No explicit content sanitization or validation is performed on the ingested data before processing.
Audit Metadata