gs-fulltext
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
evaluate_scripttool to programmatically interact with the Google Scholar Document Object Model (DOM) and extract bibliographic details. - [EXTERNAL_DOWNLOADS]: The skill identifies and provides links to external research providers and academic repositories, including DOI resolvers and document mirrors.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by extracting untrusted text (paper titles and metadata) from external webpages. 1. Ingestion points: Metadata extraction in
SKILL.md(Step 2). 2. Boundary markers: Absent. 3. Capability inventory: Browser script execution (evaluate_script) and page navigation (new_page). 4. Sanitization: No content filtering or instruction delimiters were identified.
Audit Metadata