tw-research-citation-checker
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data without sanitization or boundary markers.
  - Ingestion points: User-provided citation lists in 'SKILL.md' (Step 1, Q1).
  - Boundary markers: No delimiters or instructions are provided to the agent to treat the input strictly as data and ignore embedded instructions.
  - Capability inventory: The agent has access to 'Bash', 'Write', and 'WebSearch', providing a significant attack surface if the agent is misled by malicious data.
  - Sanitization: No validation or escaping of external content is performed before processing.
- [COMMAND_EXECUTION]: The skill requests access to the 'Bash' tool in the frontmatter configuration. This allows for the execution of the included 'scripts/tw_edu_doc_utils.py' and other local operations. While consistent with the stated purpose of generating reports, the use of shell tools requires monitoring.
- [EXTERNAL_DOWNLOADS]: The skill performs automated searches and API calls to fetch academic metadata.
  - Evidence: Fetches citation data from 'api.crossref.org' and performs academic searches via 'WebSearch' (Step 2, Step 6).
  - Context: These operations target well-known academic registries and services to verify document integrity.
Audit Metadata