fact-check

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Prompt Injection (LOW): The user-provided '$ARGUMENTS' is directly interpolated into the instruction set. A malicious user could craft a claim that attempts to bypass the fact-checking instructions to execute arbitrary commands using the allowed Bash tool.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest data from external, untrusted sources (Google, Semantic Scholar, and arbitrary URLs).
      • Ingestion points: The paper-search browse <url>, paper-search google web, and paper-search semanticscholar snippets commands bring external content into the agent's context.
      • Boundary markers: There are no delimiters or 'ignore' instructions used to prevent the agent from obeying commands embedded within the retrieved search results or web pages.
      • Capability inventory: The skill has access to high-privilege tools including Bash, Read, Glob, Grep, and Write.
      • Sanitization: There is no logic present to sanitize or filter the content retrieved from external sources.
  • Command Execution (LOW): The inclusion of the Bash tool in the allowed-tools list provides a significant attack surface if a prompt injection attack is successful.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 04:56 AM