start-my-day
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts included in the package (search_arxiv.py, scan_existing_notes.py, link_keywords.py) and invokes other agent skills (extract-paper-images, paper-analyze) to automate the research workflow.
- [EXTERNAL_DOWNLOADS]: Fetches paper metadata, abstracts, and citation counts from the official APIs of well-known research platforms, specifically export.arxiv.org and api.semanticscholar.org.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to the ingestion and processing of untrusted external content.
  - Ingestion points: Paper titles, abstracts, and author information retrieved via scripts/search_arxiv.py from external APIs.
  - Boundary markers: Absent; paper metadata is interpolated directly into generated markdown files and potentially used in subsequent prompts for the paper-analyze skill without delimiters or 'ignore' instructions.
  - Capability inventory: The skill possesses capabilities for local script execution, file system access (Obsidian vault), and calling other functional skills.
  - Sanitization: No input validation or filtering is performed on the retrieved paper content before it is displayed or processed by the model.
Audit Metadata