NYC

citation-management

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The script 'search_google_scholar.py' requires the 'scholarly' library, which is an external dependency not included in the trusted organizations list. Use of free proxies within this library further increases privacy and security risks.
  • [DATA_EXFILTRATION] (MEDIUM): Both scripts allow reading from ('--input') and writing to ('--output') arbitrary file paths provided via arguments. This capability can be abused to access sensitive data or overwrite system files if the agent is manipulated by a prompt injection.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection from academic metadata (Category 8). Evidence:
      1. Ingestion: Raw data from CrossRef API and Google Scholar results.
      2. Boundaries: Absent; content is concatenated directly into BibTeX strings.
      3. Capability: The skill possesses file-write and network-access capabilities.
      4. Sanitization: None; metadata is processed as-is from external sources.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:24 PM