validate-bib

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python packages and modules via uv run python, specifically the cli_council package for multi-model verification results.
  • [COMMAND_EXECUTION]: Fallback verification logic in references/openalex-verification.md uses uv run python -c to execute Python code strings and dynamically modifies the sys.path to import local modules from the .scripts/openalex directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted content from .tex and .bib files.
      • Ingestion points: Scans .tex files for citations and parses @entry keys from .bib files (SKILL.md).
      • Boundary markers: None present; the skill lacks delimiters or instructions to ignore embedded agent commands within the bibliography data.
      • Capability inventory: The skill has permissions for Bash operations (ls, mkdir, rm), Write operations, and uv run python execution.
      • Sanitization: There is no documented sanitization or validation of the extracted citation metadata before it is processed by the agent or sub-agents.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 4, 2026, 07:17 PM