cli-anything-zotero

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous commands that interact with the local Zotero application, its Local API, and its SQLite database. These include app management (launch, enable-local-api), data retrieval, and experimental SQLite write operations.
  • [INDIRECT_PROMPT_INJECTION]: The skill acts as a data ingestion point for the agent.
      • Ingestion points: Commands such as item get, item context, and note get (described in SKILL.md) retrieve data from a user's Zotero library, which often contains content imported from untrusted web sources.
      • Boundary markers: There are no explicit instructions or delimiters defined to separate retrieved Zotero data from agent instructions.
      • Capability inventory: The skill allows for local file system access (Zotero attachments) and experimental database writes (SKILL.md).
      • Sanitization: No sanitization or validation mechanisms are described for the data retrieved from Zotero before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 12:01 PM