bib-search-citation
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted bibliographic data from user-supplied .bib files, creating a surface for indirect prompt injection if malicious instructions are embedded within paper metadata.
  - Ingestion points: The scripts/search_bib.py script reads and parses the content of external .bib files provided by the user.
  - Boundary markers: Results are returned in a structured JSON format to the agent, providing some logical separation; however, the agent's instructions do not include specific directives to ignore instructions that might be contained within the bibliography fields.
  - Capability inventory: The skill uses the Bash tool to execute its parsing script and the Read tool to access the library file. It does not possess network access, file-writing capabilities, or privilege escalation paths.
  - Sanitization: The Python script normalizes text by stripping LaTeX escapes and specific formatting characters using regex, but it does not perform semantic sanitization to detect or neutralize natural language instructions inside the data.