arxiv-database

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes paper titles and abstracts from the external arXiv API. Malicious content within a preprint's metadata could attempt to override the agent's instructions during downstream processing.
      • Ingestion points: scripts/arxiv_search.py fetches data from the arXiv Atom API.
      • Boundary markers: The extracted text is returned in structured JSON format, but the script does not wrap the content in protective delimiters or instruct the agent to ignore embedded commands.
      • Capability inventory: The skill can write files to the local disk (download_pdf) and make network requests via the Python requests library.
      • Sanitization: The script performs whitespace normalization and XML parsing but does not sanitize the text content for potential injection strings.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to export.arxiv.org for metadata and to arxiv.org for PDF downloads. These connections are made to a well-known, reputable service for scientific research and are necessary for the skill's primary functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 05:43 PM