academic-research
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): Vulnerable to indirect prompt injection via external data ingestion.
- Ingestion points: The research workflow (Step 2: Search Strategy) explicitly directs the agent to query and read data from external sources like arXiv, Semantic Scholar, and PhilPapers.
- Boundary markers: The instructions lack explicit delimiters or instructions to ignore potential commands embedded within the abstracts or full text of the papers retrieved.
- Capability inventory: While the skill itself primarily synthesizes information, it can be invoked in 'Subagent Mode' to return structured JSON. Malicious instructions in a paper's metadata or abstract could potentially poison this JSON output to influence downstream components.
- Sanitization: There is no mention of sanitizing or filtering the content retrieved from web searches before processing and synthesis.
Audit Metadata