paper-writing
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies extensively on shell commands to manage the research environment and file system. This includes using `find` and `rg` to locate experimental data, `mkdir` and `echo` for state management, and `latexmk` for document compilation. It also executes local scripts within the repository, such as `verify_paper_audits.sh` and `paper_illustration_image2.py`, for specialized validation and generation tasks.
- [EXTERNAL_DOWNLOADS]: The pipeline utilizes external AI capabilities for complex reasoning and creative tasks. Specifically, it calls the Codex MCP (`mcp__codex__codex`) for iterative paper reviews and the Gemini API for qualitative illustration generation, necessitating network interactions with these service providers.
- [PROMPT_INJECTION]: Because the skill processes untrusted user-supplied files (such as `NARRATIVE_REPORT.md` and raw experiment results in `.json` or `.csv` formats), it presents a surface for indirect prompt injection. Maliciously crafted content in these inputs could theoretically attempt to manipulate the automated writing or review processes.
- Ingestion points: User-provided research narratives, experiment results, and data outputs are read into the agent's context during the writing and auditing phases.
- Boundary markers: The skill does not define explicit delimiters or instructions to isolate the ingested paper content from the agent's internal logic.
- Capability inventory: The skill has broad privileges including full Bash shell access, the ability to write/edit local files, and the capacity to trigger other specialized tools and skills.
- Sanitization: No specific input sanitization or validation routines are specified for the contents of the research documents before they are processed by the LLM reviewers.
Audit Metadata