xray-paper-skill
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It processes untrusted academic content from external sources such as local PDF/text files and research paper URLs which are then incorporated into the analysis context.
  - Ingestion points: The skill uses WebFetch and a Python-based extractor (scripts/xray_io.py) to read content from user-provided paths and URLs.
  - Boundary markers: There are no explicit delimiters or instruction-isolation markers to prevent instructions embedded within the paper text from being followed by the agent.
  - Capability inventory: The skill utilizes Read, Write, WebFetch, and Bash tools, creating a significant attack surface if an attacker embeds malicious instructions in a paper.
  - Sanitization: Content is cleaned for logical extraction purposes but is not sanitized for potential malicious instructions or prompts.
- [COMMAND_EXECUTION]: The skill executes a local script via Bash using parameters derived from user input ($ARGUMENTS). While the paths are enclosed in double quotes in the instructions, this pattern constitutes a potential command injection surface if the input is maliciously crafted and the underlying shell environment allows expansion or command chaining.
Audit Metadata