skills/deepcitation/skills/verify/Gen Agent Trust Hub

verify

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses npx to execute the deepcitation CLI for various tasks including document preparation, merging report sections, and generating final HTML reports. It also uses script -q -c to force a pseudo-TTY for OAuth authentication flows.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the latest version of the deepcitation package from npm (npx -y deepcitation@latest) to ensure it has the necessary built-in readers (PDF, OCR, web) and reporting features. These downloads originate from a well-known package registry.
  • [CREDENTIALS_UNSAFE]: While the skill manages authentication, it explicitly forbids hardcoding or printing API keys. It uses a standard auth --key command to persist credentials to a local configuration file (~/.deepcitation/credentials.json) rather than exposing them in shell environments or chat history.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 04:59 AM