academic-paper-writer-pro
Fail
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'docx/scripts/office/soffice.py' dynamically generates C source code and compiles it into a shared object using 'gcc' at runtime.
- [COMMAND_EXECUTION]: The skill utilizes the 'LD_PRELOAD' environment variable in 'docx/scripts/office/soffice.py' to inject a compiled library into the 'soffice' process, which is a technique used to subvert environment-level socket restrictions.
- [REMOTE_CODE_EXECUTION]: The skill implements a self-update mechanism in 'SKILL.md' (§1.0) that automatically executes 'git pull' or 'npx skills add' from a remote repository.
- [PROMPT_INJECTION]: The skill maintains a significant surface for indirect prompt injection by processing untrusted data from user documents and code repositories. Mandatory Evidence Chain: 1. Ingestion points: 'SKILL.md' scans and reads user-provided .pdf, .docx, and code directories. 2. Boundary markers: Absent in automated data extraction scripts. 3. Capability inventory: 'subprocess.run' calls, runtime 'gcc' compilation, and file system write operations. 4. Sanitization: Minimal regex-based syntax cleaning for Mermaid diagrams.
- [COMMAND_EXECUTION]: Several scripts invoke external CLI tools via 'subprocess.run', including 'soffice', 'pandoc', 'git', and the Mermaid CLI.
Recommendations
- AI detected serious security threats
Audit Metadata