Skills
skills/huangkiki/dailypaper-skills/daily-papers-notes/Gen Agent Trust Hub

daily-papers-notes

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the shell to perform automation tasks and run local scripts.
  • Evidence: Execution of python3 ../_shared/generate_concept_mocs.py and python3 ../_shared/generate_paper_mocs.py in Step 4.
  • Evidence: Use of git add, git commit, and git push in Step 5.
  • Evidence: Use of find and Glob to discover and verify files within the local filesystem.
  • [DATA_EXFILTRATION]: The skill contains logic to send local data to external Git remotes.
  • Evidence: The git push command in Step 5 can exfiltrate the contents of the specified VAULT_PATH if a remote origin is configured.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external content.
  • Ingestion points: Data is ingested from /tmp/daily_papers_enriched.json, ArXiv paper links, and recommended paper files in Step 1 and Step 2.
  • Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to disregard instructions potentially embedded in the papers or metadata.
  • Capability inventory: The agent has permission to write to files (Step 3), execute shell commands (Step 4, Step 5), and invoke other skills (/paper-reader).
  • Sanitization: There is no evidence of sanitization or safety filtering for content extracted from papers before it is used to generate notes or modify the vault.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 23, 2026, 11:01 AM