paper2code-arxiv-implementation
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design. It ingests content from external Arxiv papers to generate functional Python code and configuration files, so an attacker-controlled paper containing malicious instructions could influence the generated output.
- Ingestion points: External Arxiv paper data accessed via URLs or IDs (e.g., arxiv.org/abs/...) are retrieved and processed to influence code generation.
- Boundary markers: Absent; the skill does not provide the agent with instructions or delimiters to ignore or isolate potential command-like text or adversarial instructions embedded within the retrieved research papers.
- Capability inventory: The skill instructs the agent to create directories and write multiple files, including src/model.py, src/train.py, and requirements.txt, to the local file system. The generated code is intended to be executed by the user.
- Sanitization: No mechanism is described to sanitize or validate the paper content, or the generated dependencies, before they are processed by the LLM or presented to the user.