wos-paper-detail
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from the Web of Science website, which creates a surface for indirect prompt injection.
  - Ingestion points: Paper metadata, including titles and abstracts, is extracted from external web pages in Step 3 of SKILL.md.
  - Boundary markers: No explicit delimiters are used in the output presentation template to separate extracted external data from instructions.
  - Capability inventory: The skill is restricted to web browsing and data extraction via navigate_page and evaluate_script; no local file system or shell execution capabilities were detected.
  - Sanitization: Extracted content is presented directly to the agent without filtering for potential adversarial instructions embedded in the paper metadata.