cite-them-all

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill identifies a potential surface for indirect prompt injection as it ingests untrusted text from local manuscripts and external academic metadata (abstracts). The risk is mitigated by a human-in-the-loop design.
      1. Ingestion points: Local Markdown files and remote article metadata from PubMed/bioRxiv APIs.
      2. Boundary markers: External data is presented within structured Markdown reports, though specific delimiter-based isolation is not explicitly defined.
      3. Capability inventory: Access to Bash, Write, Edit, and Read tools.
      4. Sanitization: Relies on manual user review and approval of all generated citation suggestions.
  • Command Execution (SAFE): The skill utilizes the Bash tool for legitimate local operations such as creating file backups. No malicious command patterns, shell concatenation, or piped remote script executions were detected.
  • Data Exposure & Exfiltration (SAFE): Network activity is conducted through MCP tools targeting reputable academic repositories. File access is limited to the manuscript path provided by the user, and no attempts to access sensitive system directories or hardcoded credentials were found.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 01:41 AM