Skills
skills/glennguilloux/context-engineering-kit/setup-arxiv-mcp/Gen Agent Trust Hub

setup-arxiv-mcp

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill directs the agent to install third-party MCP servers (paper-search and arxiv-mcp-server) using the mcp-add command. While these involve downloading external software, it is the primary and intended purpose of the skill.
  • COMMAND_EXECUTION (LOW): The skill uses standard MCP management commands (mcp-find, mcp-add, mcp-config-set, mcp-exec) to configure the environment. These are used as intended for service setup.
  • DATA_EXPOSURE (SAFE): The skill references local configuration paths such as ~/.claude/CLAUDE.md. This is standard practice for persistent agent configuration and does not involve unauthorized access or exfiltration.
  • INDIRECT_PROMPT_INJECTION (LOW): As the skill facilitates searching and reading academic papers from external sources (arXiv, PubMed, etc.), there is a theoretical surface for indirect prompt injection if an attacker-controlled paper contained malicious instructions. This is a common risk for all research-oriented skills and is mitigated by the agent's internal safety guardrails.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:50 PM