paper-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and analyzing external data from research papers.
- Ingestion points: The skill reads external content from arXiv (via HTML or abstract pages) and fetches metadata from the Semantic Scholar API (SKILL.md).
- Boundary markers: There are no instructions to use delimiters or ignore potential embedded instructions within the papers, creating a path for attackers to influence agent behavior through malicious paper content.
- Capability inventory: The agent possesses capabilities to execute shell commands via the `notebooklm` CLI and perform web requests, which could be misused if an injection is successful.
- Sanitization: The skill does not define any validation or filtering steps for the data retrieved from external academic repositories.
- [EXTERNAL_DOWNLOADS]: The skill retrieves research data from reputable external repositories.
- Evidence: Fetches paper metadata from `api.semanticscholar.org` and full content from `arxiv.org` (SKILL.md).
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize a command-line tool for managing research data.
- Evidence: Orchestrates several commands using the `notebooklm` CLI, including `notebooklm use`, `notebooklm source add`, and `notebooklm ask` (SKILL.md).
Audit Metadata