paper-audit
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to well-known academic services including Semantic Scholar (api.semanticscholar.org), arXiv (export.arxiv.org), and Tavily (api.tavily.com) to facilitate literature grounding and citation verification. These operations are directly aligned with the skill's primary purpose.
- [COMMAND_EXECUTION]: The orchestrator script audit.py uses subprocess.run to execute local Python modules for specific audit tasks like grammar and logic analysis. This is a standard architectural implementation for modular tools. Additionally, parsers.py dynamically loads logic from sibling skills to handle different document formats.
- [PROMPT_INJECTION]: The skill processes untrusted user-provided document content (.tex, .typ, .pdf). This represents a standard surface for indirect prompt injection inherent to document analysis tools. The skill includes specific instructions for the agent to distinguish between automated script findings and model-based interpretations to mitigate unintended behavior.
Audit Metadata