academic-research
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection by processing untrusted data from an external academic API.
  - Ingestion points: Paper metadata, including titles, abstracts, and TLDR summaries, are ingested from api.semanticscholar.org via the search_papers.py script.
  - Boundary markers: While output is provided in structured JSON or BibTeX formats, the agent instructions lack boundary markers or explicit directions to disregard instructions found within the scholarly content.
  - Capability inventory: The skill possesses network access to a well-known service and the ability to output results to the console; it does not have the capability to write to the file system or execute arbitrary shell commands.
  - Sanitization: There is no evidence of sanitization or filtering of the retrieved text to remove potential injection strings before it is processed by the agent.
Audit Metadata