ieee-paper-detail
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill navigates to URLs targeting IEEE Xplore and DOI services to retrieve academic metadata based on user-supplied identifiers.\n- [COMMAND_EXECUTION]: Uses
evaluate_scriptto execute data extraction logic within the browser context. It also utilizes aninitScriptto modifynavigator.webdriverfor bot detection evasion.\n- [PROMPT_INJECTION]: The skill processes untrusted data from external sources, creating a surface for indirect prompt injection.\n - Ingestion points: Metadata extraction in
evaluate_script(SKILL.md) reads content from article abstracts and titles.\n - Boundary markers: No delimiters or safety instructions are used to distinguish extracted content from agent instructions.\n
- Capability inventory: Interaction is performed using
navigate_pageandevaluate_script(SKILL.md).\n - Sanitization: Extracted metadata is returned to the agent without escaping or filtering of potentially malicious instructions.
Audit Metadata