analyze-paper
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of ingesting and analyzing untrusted data from external URLs (via `WebFetch`) and local PDF files (via `Read`). This content is stored in the `{paper_content}` variable and processed by multiple sub-agents. The instructions lack explicit boundary markers or sanitization logic to prevent adversarial instructions embedded within a paper from overriding agent directives.
- [COMMAND_EXECUTION]: The skill uses the `Write` tool to save analysis reports to the local file system. The file path is dynamically constructed using the paper's title. While this behavior is essential for the skill's operation, the use of user-influenced strings in file operations is a standard point of review. No evidence of malicious path traversal or arbitrary command execution was found.
- [DATA_EXFILTRATION]: The skill performs network operations using `WebSearch` and `WebFetch` to retrieve academic metadata and technical commentary. These operations are restricted to the domain of paper analysis (e.g., arXiv, Google Scholar). The skill does not attempt to access or exfiltrate sensitive system files, environment variables, or hardcoded credentials.
Audit Metadata