survey-paper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection.
  - Ingestion points: The skill ingests untrusted external data via mcp__arxiv-mcp-server__read_paper (Phase 1).
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore malicious instructions embedded within the paper text.
  - Capability inventory: The agent has the capability to write files to the local file system (Phase 5).
  - Sanitization: No sanitization of the paper content or extracted metadata (which determines the filename/path) is performed before interpolation into file operations.
- [COMMAND_EXECUTION] (LOW): The skill performs file system write operations using hardcoded absolute paths.
  - Evidence: The path /Users/iamseungpil/LSP/study/Study/01_Papers/Survey/[Category]/ is hardcoded in Phase 5.
  - Risk: This leaks the author's local username (iamseungpil) and local directory structure. Furthermore, if the [Category] or filename components (derived from the paper metadata) are manipulated by a malicious paper title/metadata, it could lead to path traversal or writing files in unintended local directories.
Audit Metadata