paper-analyzer

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses curl to download PDFs, archives, and HTML content from arxiv.org. While ArXiv is a trusted and well-known academic repository, fetching external content creates a data ingestion surface that the agent must process.
  • [COMMAND_EXECUTION]: Local Python scripts (generate_note.py and update_graph.py) are executed via shell commands defined in SKILL.md. These commands interpolate user-controlled or paper-controlled variables like $TITLE and $AUTHORS directly into the shell execution context.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. Metadata extracted from untrusted external papers flows into shell arguments and Markdown templates. A paper with a malicious title or author field containing shell control characters or Markdown injection sequences could attempt to influence the agent's behavior or corrupt the formatting of the generated research notes.
  • Ingestion points: ArXiv paper content and metadata retrieved via network requests in SKILL.md.
  • Boundary markers: None identified. Metadata is used directly in shell command templates and f-string file generation.
  • Capability inventory: Shell command execution, local file system writes, and modification of structured JSON data.
  • Sanitization: generate_note.py includes basic character replacement for filenames, but it does not sanitize metadata used inside the Markdown content or within the shell command invocation defined in SKILL.md.
Recommendations
  • HIGH: Downloads and executes remote code from: https://arxiv.org/pdf/[PAPER_ID] - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 13, 2026, 09:09 AM