paper-plan
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script
tools/extract_paper_style.pyusing the Bash tool to process structural layout references. This script is a vendor-provided resource for style extraction. - [COMMAND_EXECUTION]: Instructions guide the user to run
bash tools/install_aris.shfor dependency management if required tools are missing. These scripts are managed by the skill author's infrastructure. - [EXTERNAL_DOWNLOADS]: The skill utilizes
WebFetchandWebSearchtools to retrieve paper content from external sources such as arXiv IDs and URLs when users provide a style reference. This data is used solely for structural guidance. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from research narratives and external papers to generate its reports.
- Ingestion points: Reads
NARRATIVE_REPORT.md,STORY.md,AUTO_REVIEW.md, and external paper sources via web retrieval. - Boundary markers: The instructions do not define explicit boundary markers or delimiters for the ingested data.
- Capability inventory: Uses
Bashexecution,Writeaccess to the project root for creatingPAPER_PLAN.mdandGAP_REPORT.md, andWebFetchfor remote data retrieval. - Sanitization: No specific content sanitization or filtering logic is described for the processed text.
- [DATA_EXPOSURE]: The skill accesses project-specific files including experiment logs (JSON) and narrative documents to synthesize claims and evidence for the paper outline.
Audit Metadata