sd-paper-detail
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and processes untrusted data from external article pages on ScienceDirect.
- Ingestion points: Paper titles, abstracts, highlights, and section headings are retrieved from the page DOM using evaluate_script in SKILL.md.
- Boundary markers: The skill does not use delimiters or provide specific instructions to the agent to ignore potential commands embedded within the extracted text.
- Capability inventory: The skill has the ability to navigate to arbitrary URLs (navigate_page), execute browser-side scripts (evaluate_script), and simulate user clicks (click).
- Sanitization: There is no evidence of content validation, escaping, or sanitization of the extracted web content before it is presented to the agent.
Audit Metadata