literature-review
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the `requests` Python library and standard system utilities such as `pandoc` and `xelatex` for document processing and PDF generation. These are reputable tools commonly used in academic and technical environments.
- [COMMAND_EXECUTION]: The script `scripts/generate_pdf.py` automates PDF creation by executing `pandoc` and `xelatex` through `subprocess.run`. The implementation is secure, as it passes arguments as a list and avoids the use of `shell=True`, effectively preventing command injection risks from user-supplied file names or paths.
- [DATA_EXFILTRATION]: While the skill performs network requests via `scripts/verify_citations.py`, these operations are strictly confined to official citation metadata services (`doi.org` and `crossref.org`). This is a legitimate and necessary function for ensuring the accuracy of research citations.
- [INDIRECT_PROMPT_INJECTION]: The skill features an indirect prompt injection surface, as it processes untrusted data from academic databases (e.g., PubMed, arXiv).
  - Ingestion points: External citation data and abstracts are ingested via JSON files and processed by `scripts/search_databases.py`.
  - Boundary markers: The instructions do not define specific markers to isolate the untrusted search results from the agent's instructions.
  - Capability inventory: The skill has access to the `Bash` tool and executes shell commands via the PDF generation script.
  - Sanitization: There is no explicit sanitization of external metadata before it is interpolated into the final review documents. This is considered a standard operational risk for research-oriented skills.
- [SAFE]: No evidence of prompt injection, hidden persistence mechanisms, or credential harvesting was found. The skill maintains a professional, academic focus and includes verification steps that promote data integrity.
Audit Metadata