gs-export
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script ('push_to_zotero.py') via a bash command to manage the data transfer to the Zotero application.
- [EXTERNAL_DOWNLOADS]: The Python script performs network requests to download PDF files from various publisher websites based on citation metadata found on Google Scholar.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill processes untrusted data from external webpages.
- Ingestion points: Citation dialogs and BibTeX pages are fetched from Google Scholar via evaluate_script calls in SKILL.md.
- Boundary markers: None are present to distinguish data from instructions during the parsing process.
- Capability inventory: The skill has the ability to execute shell commands and make network requests to localhost and the public internet.
- Sanitization: There is no explicit sanitization; the agent is tasked with parsing the raw BibTeX strings into structured JSON.
Audit Metadata