scientific-writing
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local subprocesses to automate figure generation and document compilation. These include calls to scripts/generate_schematic.py and scripts/generate_image.py for scientific visuals, and the xelatex engine for generating high-quality PDF reports.
- [EXTERNAL_DOWNLOADS]: The skill integrates with research-lookup to retrieve scientific literature and data from external repositories.
- [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection due to the processing of untrusted data from external research papers.
- Ingestion points: Data and literature retrieved from the research-lookup skill (SKILL.md).
- Boundary markers: The skill implements a two-stage development process (outline creation followed by prose conversion), which provides some logical separation, although explicit delimiters for external content are not mentioned.
- Capability inventory: Subprocess execution capabilities via Python and LaTeX.
- Sanitization: No explicit validation or filtering logic for the retrieved research data is described in the skill instructions.
Audit Metadata