academic-paper
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its data ingestion capabilities.
  - Ingestion points: `agents/revision_coach_agent.md` ingests unstructured reviewer comments from email or PDF text; `agents/visualization_agent.md` ingests paper data and statistical results for plotting.
  - Boundary markers: Absent. The instructions do not define delimiters (like XML tags or triple quotes) or provide specific warnings to the agent to ignore instructions embedded within the ingested data.
  - Capability inventory: The skill generates runnable code (Python, R, LaTeX) and provides CLI commands for formatting tools like `pandoc` and `tectonic` in `agents/formatter_agent.md`.
  - Sanitization: Absent. There is no logic described to escape, filter, or validate the external content before it is interpolated into prompts or used to generate code.
- [COMMAND_EXECUTION]: The skill provides instructions and specific command-line strings for the user to execute external document processing tools.
  - Evidence: `agents/formatter_agent.md` and `SKILL.md` specify the use of `pandoc` for format conversion and `tectonic` or `xelatex` for PDF compilation from LaTeX. These are well-known, standard tools in academic workflows.
- [EXTERNAL_DOWNLOADS]: The skill references numerous external domains for data verification, search, and guidelines.
  - Evidence: References across files (e.g., `references/apa7_chinese_citation_guide.md`, `references/funding_statement_guide.md`) point to domains such as `moe.edu.tw` (Ministry of Education), `nstc.gov.tw` (National Science and Technology Council), `law.moj.gov.tw` (Ministry of Justice), and major academic publishers like `elsevier.com` and `springer.com`. These are established and trusted organizations within the higher education and government sectors relevant to the skill's purpose.
Audit Metadata