literature-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (LOW): The script scripts/generate_pdf.py uses subprocess.run to call external tools pandoc and xelatex for document conversion.
  • Evidence: Found in scripts/generate_pdf.py, where it constructs a command list and executes it via subprocess.run(cmd, ...). It uses list-based arguments, which mitigate shell injection risks.
  • EXTERNAL_DOWNLOADS (LOW): The script scripts/verify_citations.py performs network requests to external academic APIs to verify citation data.
  • Evidence: requests.get calls to https://doi.org/api/handles/ and https://api.crossref.org/works/ in scripts/verify_citations.py. These are legitimate academic sources for citation metadata.
  • DATA_EXFILTRATION (SAFE): While the skill makes network requests, they are limited to DOI verification and do not transmit sensitive local files or hardcoded credentials.
  • PROMPT_INJECTION (SAFE): No patterns of prompt injection, role-play instructions, or instruction-override markers were detected in the markdown or script files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:21 PM