paper-write
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted research notes (PAPER_PLAN.md, NARRATIVE_REPORT.md) which are interpolated into prompts. 1. Ingestion points: User-provided markdown files in the local workspace. 2. Boundary markers: Absent; instructions do not enclose ingested content in delimiters or include 'ignore instructions' warnings. 3. Capability inventory: Bash, Write, Edit, Agent. 4. Sanitization: Absent; content is processed directly. This creates a surface for indirect prompt injection where malicious instructions in research notes could influence agent behavior.
- [EXTERNAL_DOWNLOADS]: The skill fetches bibliography metadata from dblp.org and doi.org. These are well-known academic services used to prevent citation hallucinations and ensure reference accuracy.
- [COMMAND_EXECUTION]: Executes shell commands and an embedded Python script to organize the LaTeX project structure, manage backups, and perform citation hygiene checks within the local environment.
Audit Metadata