search-conference
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the `embed-papers` Python package. As this package is not from a pre-defined trusted organization, it is classified as an unverifiable dependency. The severity is lowered from MEDIUM to LOW because the package is essential to the skill's primary stated purpose.
- [COMMAND_EXECUTION] (SAFE): The skill executes various CLI commands using the `embed-papers` utility. It uses user-provided inputs such as `venue_id` and `query`. No arbitrary command injection or shell-breaking patterns were detected in the pipeline instructions.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from external sources.
  - Ingestion points: Research paper metadata (titles and abstracts) are ingested from the OpenReview API via the `embed-papers search` command.
  - Boundary markers: The prompt instructions do not specify any boundary markers or delimiters (e.g., XML tags or backticks) when interpolating fetched content into the final Markdown report.
  - Capability inventory: The skill has the capability to execute subprocesses (`embed-papers`) and write to the local filesystem (`tmp.json`).
  - Sanitization: There is no evidence of content sanitization or instruction to ignore potential commands embedded within the retrieved paper abstracts.
- [CREDENTIALS_UNSAFE] (SAFE): The skill uses `OPENAI_API_KEY`. It explicitly instructs the agent to check for the environment variable and stop/prompt the user if it is missing, which is a secure practice compared to hardcoding or silent failure.
Audit Metadata