literature
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches bibliometric metadata and paper details from well-known academic services including OpenAlex, Scopus, Web of Science, and Crossref.
- [EXTERNAL_DOWNLOADS]: Downloads preprint LaTeX source archives from arXiv, which is a trusted academic repository.
- [COMMAND_EXECUTION]: Executes system commands using `curl`, `wget`, `tar`, and `uv` to facilitate data retrieval from APIs, extraction of source archives, and execution of local Python packages.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the ingestion and processing of untrusted academic data.
  - Ingestion points: Research paper abstracts, bibliometric metadata, and LaTeX source files retrieved from external web sources (`SKILL.md`, `references/agent-templates.md`, `references/cli-council-search.md`).
  - Boundary markers: Absent. There are no explicit delimiters or 'ignore' instructions wrapping the external content when it is passed to the agent context.
  - Capability inventory: The agent can execute shell commands via Bash (`curl`, `wget`, `tar`, `uv`), perform network operations, and write files (`SKILL.md`, `references/cli-council-search.md`).
  - Sanitization: Not identified. The skill relies on the LLM to interpret retrieved academic content without explicit filtering or validation against prompt injection patterns.
Audit Metadata