tw-edu-citation-checker

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8).
      • Ingestion points: The skill ingests user-supplied citation lists and retrieves data from external sources via WebSearch and Consensus MCP, specifically querying api.crossref.org, doi.org, and academic search engines.
      • Boundary markers: While the skill follows a strict internal protocol (Steps A-E), there are no explicit delimiters or instructions provided to the agent to disregard potential instructions embedded within the retrieved academic metadata or search snippets.
      • Capability inventory: The skill uses Bash, Read, Write, and WebSearch tools. A malicious search result could potentially influence these tools if the model treats the external data as instructions.
      • Sanitization: There is no evidence of sanitization or filtering for the external content before it is processed by the agent to generate reports.
  • [SAFE]: Data Transmission and Search Operations.
      • The skill communicates with well-known academic services (doi.org, api.crossref.org). These operations are consistent with the skill's stated purpose of verifying academic citations and do not represent unauthorized data exfiltration.
  • [SAFE]: Scripting and Utilities.
      • The Python utility scripts/tw_edu_doc_utils.py is used for Word document styling and does not perform any network operations, subprocess executions, or sensitive file system access.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 01:46 AM