paper-analyst

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local Python scripts (scripts/extract_pdf_figures.py and scripts/extract_pdf_meta.py) via shell commands to process PDF files. User-supplied file paths are passed as arguments to these scripts. While this is the intended functionality for PDF analysis, it represents a standard execution surface where the agent must ensure paths are properly handled to prevent shell injection.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted external data (academic papers and research PDFs) which could potentially contain indirect prompt injection instructions meant to manipulate the analysis or downstream PPT generation.
    • Ingestion points: PDF content is ingested via scripts/extract_pdf_meta.py, scripts/extract_pdf_figures.py, and direct text extraction by the agent.
    • Boundary markers: The skill employs a structured tagging system ([原文声明] "stated in the original text", [模型归纳] "model summary") and explicit instructions for marking uncertainty ([未明确给出] "not explicitly given", [不确定] "uncertain") to distinguish between document facts and model inferences.
    • Capability inventory: The skill has file system read/write access via included Python scripts and the ability to call the pptx skill to create files.
    • Sanitization: Instructions require the agent to strip internal metadata tags and compress content before passing data to the pptx skill, providing a layer of data filtering before external tool invocation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 08:57 AM