biomedical-paper-billing

Things to consider before installing/using: - Metadata mismatches: _meta.json lists a different displayName/owner and package.json references index.js (missing). This could indicate careless packaging or repackaging — verify the author identity before trusting outputs. - No credentials required, but the SKILL.md instructs the agent to run PubMed/web searches and to automatically replace any user-supplied references that cannot be verified. That replacement behavior can change the provenance and claims in a manuscript — always manually review the 'citation mapping table' and substituted references. - The included Python file (assets/docx_builder.py) appears benign and only builds .docx files, but the runtime requires python-docx; the skill does not install dependencies for you. Run it in a sandbox or environment you control and ensure dependencies are pinned/inspected. - Ethical risks: this skill can facilitate producing academic manuscripts and could be used to generate misleading or inappropriate papers. Do not provide identifiable or unpublished patient-level data, and verify all statistics and references yourself before submission. - Practical steps: (1) confirm the registry owner and author identity, (2) test the tool on non-sensitive drafts, (3) inspect any network calls your agent will make (which PubMed endpoints or web_search tools are used), (4) review the final document and the '引用编号映射表' for any substituted citations, and (5) if you need a stricter audit, request a version with clear provenance for all web lookups (e.g., PMIDs and retrieval timestamps) and a manifest explaining why package.json/index.js exist.