literature-review

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill interpolates user-provided '$ARGUMENTS' directly into instructions that are likely executed via the Bash tool. If a user provides an argument containing shell metacharacters (e.g., "; rm -rf /"), it could lead to command injection if the underlying agent does not properly sanitize the input before passing it to the shell.
  • COMMAND_EXECUTION (LOW): The skill utilizes high-privilege tools (Bash, Write) to interact with external CLI tools. While these are used for the stated purpose of literature review, the lack of input validation on the 'topic' argument presents a risk.
  • INDIRECT_PROMPT_INJECTION (LOW): Mandatory Evidence Chain:
      ◦ Ingestion points: The skill fetches external content using paper skim, paper read, and paper-search from academic sources like ArXiv and Semantic Scholar.
      ◦ Boundary markers: Absent. There are no delimiters or instructions to the agent to treat paper content as untrusted data or to ignore embedded instructions.
      ◦ Capability inventory: The skill has access to Bash and Write tools, which could be exploited if a paper contains malicious instructions that the agent inadvertently follows.
      ◦ Sanitization: Absent. The skill reads and processes the text of papers directly without filtering or escaping.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 22, 2026, 04:56 AM