arxiv-watcher

Fail

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/search_arxiv.sh is vulnerable to shell command injection. The $QUERY variable is interpolated into a curl command string within double quotes, which allows command substitution (e.g., $(...) or backticks) to be executed by the shell at the script's runtime.
  • [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection.
    • Ingestion points: XML data from the ArXiv API (titles, summaries) and PDF content fetched via web_fetch (referenced in SKILL.md).
    • Boundary markers: None present. The skill does not use delimiters or instructions to ignore embedded commands in the processed text.
    • Capability inventory: Executes shell scripts (scripts/search_arxiv.sh) and writes to the file system (memory/RESEARCH_LOG.md).
    • Sanitization: None detected. External content is used to generate summaries and log entries without escaping or validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 30, 2026, 10:56 AM