daily-papers-fetch

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes local Python scripts including 'fetch_and_score.py' and 'enrich_papers.py' using 'python3' to manage the paper fetching and scoring workflow.
  • [EXTERNAL_DOWNLOADS]: Fetches academic paper information from trusted services such as arXiv and HuggingFace; these operations are core to the skill's purpose and are performed via script-based network requests.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to the ingestion of untrusted external content.
      • Ingestion points: Paper titles, abstracts, and HTML metadata fetched from arXiv and HuggingFace as described in 'SKILL.md'.
      • Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are defined in the agent prompt.
      • Capability inventory: The skill can execute local Python scripts and system commands, and write to the local file system (/tmp/).
      • Sanitization: Data is parsed using regex within external scripts, but there is no evidence of safety filtering for content eventually consumed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 02:29 AM