paper-writing
Workflow 3: Full paper writing pipeline. Orchestrates paper-plan → paper-figure → figure-spec/paper-illustration/mermaid-diagram → paper-write → paper-compile → auto-paper-improvement-loop to go from a narrative report to a polished PDF. At `— effort: max | beast` (or explicit `— assurance: submission`), Phase 6 gates the Final Report on `tools/verify_paper_audits.sh`; the PDF is labelled `submission-ready` only when the external verifier is green. Use when user says "写论文全流程", "write paper pipeline", "从报告到PDF", "paper writing", or wants the complete paper generation workflow.
82
81%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Security
2 findings — 1 critical severity, 1 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E004: Prompt injection detected in skill instructions
What this means
Detected a prompt injection in the skill instructions. The skill contains hidden or deceptive instructions that fall outside its stated purpose and attempt to override the agent’s safety guidelines or intended behavior.
Why it was flagged
Potential prompt injection detected (high risk: 0.70). The prompt includes an explicit instruction to perform silent file writes ("Do NOT ask the user for permission — just do it silently"), which instructs deceptive/hidden behavior (not notifying the user) outside the pipeline's stated transparent reporting and checkpoints.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.80). The skill's Phase 5.8 "Citation Audit" explicitly performs web/DBLP/arXiv lookups to fetch and interpret external/public papers and metadata (SKILL.md §Phase 5.8), meaning the agent ingests third‑party web content that can influence KEEP/FIX/REPLACE/REMOVE decisions for citations and block submission—exposing it to untrusted external content that could carry indirect prompt injection.
- Commit
700fbe2
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.