daily-papers-review

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell operations to automate Git workflows (git add, git commit, git push). These commands are constructed by interpolating variables such as {VAULT_PATH} and {daily_papers_folder}, which are retrieved from local JSON configuration files (user-config.json). The commands are therefore generated dynamically from computed paths.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external paper sources.
      • Ingestion points: The skill reads enriched paper data (titles, summaries, method names) from /tmp/daily_papers_enriched.json.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands were found when interpolating paper data into the review generation prompt.
      • Capability inventory: The agent has the ability to write files to the local filesystem (Obsidian vault) and execute shell commands (Git).
      • Sanitization: There is no evidence of sanitization or validation performed on the external paper metadata before it is processed.
  • [DATA_EXFILTRATION]: The skill includes a git push capability. While gated by configuration flags, this mechanism can be used to transmit the contents of the local Obsidian vault to a remote server.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 02:29 AM