paper-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted content from external academic papers to generate structured outputs and implementation plans.
- Ingestion points: Untrusted data enters the context via tool calls that fetch full text or section-level content as described in SKILL.md (Required flow step 2) and the tool mapping checklist in references/paper-tools-and-prompts.md.
- Boundary markers: The prompt templates and instructions lack explicit delimiters or mandatory "ignore embedded instructions" warnings for the fetched paper content.
- Capability inventory: The skill allows the agent to fetch metadata, sections, figures, and citations, and then translate that content into implementation-ready notes and code-facing plans.
- Sanitization: There is no mention of sanitizing or validating the fetched text for malicious instructions before it is processed by the LLM.
Audit Metadata