literature-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The script 'scripts/generate_pdf.py' executes the local 'pandoc' binary via subprocess.run. While it uses argument lists to prevent shell injection, the invocation of external document converters with user-controlled file paths is a capability that requires monitoring.
- [Data Exposure & Exfiltration] (LOW): 'scripts/verify_citations.py' uses the 'requests' library to perform network lookups on doi.org and api.crossref.org, as well as arbitrary URLs found in processed files.
- [Indirect Prompt Injection] (LOW): The skill exhibits an attack surface for indirect prompt injection because it ingests and processes untrusted markdown data. [Ingestion points: scripts/verify_citations.py, scripts/generate_pdf.py; Boundary markers: Absent; Capability inventory: requests.get, subprocess.run, open(write); Sanitization: Absent]
Audit Metadata