Skills
skills/flonat/claude-research/bib-validate/Gen Agent Trust Hub

bib-validate

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests permission to use Bash(rm*), which allows for file and directory deletion. This directly contradicts the stated 'Read-only' purpose of the skill in SKILL.md.
  • [REMOTE_CODE_EXECUTION]: The skill executes Python code via uv run that depends on external or local scripts not provided in the skill package, specifically .scripts/openalex/openalex_client.py and the cli_council module in packages/cli-council. This represents execution of unverifiable code.
  • [PROMPT_INJECTION]: The skill has an Indirect Prompt Injection surface as it ingests content from .tex and .bib files and passes this data to sub-agents or external processes without specified sanitization.
  • Ingestion points: LaTeX and BibTeX source files.
  • Boundary markers: No specific delimiters or safety instructions are defined for passing this content to sub-agents in 'Deep Verification Mode'.
  • Capability inventory: The skill possesses Write, Bash, and Task capabilities which could be abused if the agent follows instructions embedded in the files.
  • Sanitization: There is no evidence of sanitization for the citations or metadata extracted from files before they are used in commands or prompts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 4, 2026, 07:17 PM