scientific-writing
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts (
scripts/generate_schematic.pyandscripts/generate_image.py) using the Bash tool to create visuals for the manuscript. Because these scripts are referenced but not included in the provided file set, their logic cannot be audited for security. - [PROMPT_INJECTION]: The skill instructions emphasize mandatory figure generation and prose formatting using 'MANDATORY' and 'CRITICAL' tags. While these serve to enforce a specific persona and quality standard, they use forceful language common in system prompt overrides.
- [PROMPT_INJECTION]: There is an inherent risk of indirect prompt injection as the skill is designed to fetch and process external literature via the
research-lookuptool. Untrusted data from scientific papers could contain instructions intended to influence the agent's output. - Ingestion points: External data enters the context through research queries as described in the two-stage writing process in
SKILL.md. - Boundary markers: The instructions do not define specific delimiters or guidelines to ignore instructions embedded in the retrieved research content.
- Capability inventory: The skill has access to the
Bashtool (for script execution) andWrite/Edittools (for file modification). - Sanitization: There is no explicit requirement for the agent to sanitize or validate the content fetched from external databases.
Audit Metadata