arxiv-reader
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches paper metadata and LaTeX source code from arxiv.org and export.arxiv.org. These are well-known and trusted academic services. It also supports an optional local container mode via ARXIV_SERVICE_URL.
- [DATA_EXFILTRATION]: The skill creates and maintains a local cache directory at ~/.cache/arxiv-reader to store processed paper content. This is a standard practice for performance and does not involve unauthorized data transmission.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external content (LaTeX source from arXiv) which could theoretically contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: Data is fetched from the public arXiv repository via the arxiv_fetch and arxiv_abstract tools.
  - Boundary markers: The skill does not currently implement explicit boundary markers or 'ignore' instructions when passing the fetched content to the agent.
  - Capability inventory: The skill has access to network operations (http/https modules) and file system operations (fs module for caching).
  - Sanitization: The skill performs formatting and cleaning (stripping LaTeX comments and appendices) but does not sanitize for potential prompt injection patterns within the paper content.
- [COMMAND_EXECUTION]: All operations are performed using native Node.js APIs. No shell commands or external binaries are executed.
Audit Metadata