citation-management

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected. The skill ingests metadata (titles, abstracts, authors) from external APIs (CrossRef and Google Scholar) and interpolates it into the agent's context as BibTeX or JSON.
    • Ingestion points: doi_to_bibtex.py (line 52: response.text), search_google_scholar.py (line 82: scholarly.search_pubs(query)).
    • Boundary markers: Absent. The skill does not wrap external content in delimiters or provide 'ignore instructions' warnings to the agent.
    • Capability inventory: Both scripts possess file-write capabilities (-o flag) and network-read capabilities.
    • Sanitization: Absent. There is no validation or filtering of the retrieved metadata to prevent embedded instructions from influencing the agent's behavior.
  • [EXTERNAL_DOWNLOADS] (LOW): The script search_google_scholar.py requires the scholarly library, an external dependency that is not part of the standard library. Although scholarly is a known tool, installing it expands the attack surface.
  • [DATA_EXFILTRATION] (LOW): The scripts perform network GET requests to doi.org and Google Scholar. While these actions are required for the skill's functionality, they target non-whitelisted domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:49 PM