paper-write
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of Markdown-based prompt templates and documentation. It does not contain any scripts (Python, Node.js), executables, or configurations that would lead to code execution or system modification.
- [DATA_EXFILTRATION]: No network access commands (e.g., curl, wget) or hardcoded credentials were identified. The skill processes user-provided text locally within the agent's context.
- [PROMPT_INJECTION]: The skill includes instructions to bypass AI detection ('anti-aigc' or '去 AI 痕'). While these are constraints for writing style, they are not directed at overriding the underlying LLM's safety filters or extracting system instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to process untrusted data provided by the user (thesis drafts, reference papers). This represents a standard attack surface for indirect prompt injection.
  - Ingestion points: User-provided 'drafts', 'sample papers', and 'outlines' across multiple reference files (e.g., structure-imitate-general.md).
  - Boundary markers: The prompts utilize brackets and placeholders (e.g., 【中文草稿】, [在此处粘贴]) to separate instructions from user data.
  - Capability inventory: The skill performs text generation and can interact with another skill (pptgen-drawio) to generate PPT files.
  - Sanitization: There is no evidence of input sanitization or filtering of instructions embedded within the user-provided text.
Audit Metadata