paper-search
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions provide command templates that interpolate user search queries directly into grep commands.
  - Evidence: `grep -r -i "查询关键词" "20_Research/Papers/ --include="*.md"` in SKILL.md.
  - Potential Impact: If the underlying agent execution environment passes these strings to a shell, a malicious user query containing shell metacharacters could trigger unauthorized command execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external files that could contain malicious instructions.
  - Ingestion points: Files within the `20_Research/Papers/` directory are read and searched.
  - Boundary markers: The skill does not define explicit delimiters or instructions to the agent to ignore instructions embedded within the paper notes.
  - Capability inventory: The skill has access to the `Read`, `Grep`, and `Glob` tools to interact with the file system.
  - Sanitization: There is no requirement or evidence of sanitizing the content read from files before it is processed by the agent or included in the output.
Audit Metadata