paper-interpreter
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Executes the local script
scripts/bootstrap_arxiv_paper.pyto set up the paper directory, download metadata, and organize files. This script is part of the skill's source and performs legitimate setup tasks. - [EXTERNAL_DOWNLOADS]: Connects to
arxiv.organdexport.arxiv.orgto retrieve paper assets and metadata. These are well-known academic services, and the skill only accesses these domains to fulfill user requests for specific papers. - [REMOTE_CODE_EXECUTION]: The Python script extracts downloaded TeX source archives. It includes a security check to verify that all extracted members resolve to paths within the intended directory, effectively preventing directory traversal (Zip Slip) attacks.
- [SAFE]: Manages files within the user's local directory (defaulting to
~/Documents/working/papers) for the purpose of creating a persistent research workspace. This behavior is transparently documented and consistent with the skill's primary function.
Audit Metadata