scientific-writing
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands that run local Python scripts (scripts/generate_schematic.py and scripts/generate_image.py) and the xelatex tool for document compilation. These actions are legitimate and support the core functionality of generating scientific visuals and formatted reports.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection. (1) Ingestion points: content is ingested from external research literature via the research-lookup tool. (2) Boundary markers: no explicit markers or warnings separate that content from the agent's own instructions, so instructions embedded in retrieved text are not isolated. (3) Capability inventory: the skill executes scripts via subprocess calls and performs filesystem operations within the figures/ directory. (4) Sanitization: the instructions describe no sanitization or validation of external content before it is interpolated into prompts or used in command arguments. Taken together, text retrieved from the literature can reach both the agent's prompt and the arguments of a subprocess call without an intervening check.
Audit Metadata