bgpt-paper-search

Fail

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends the command npx bgpt-mcp, which downloads and executes a package from the public npm registry. This source is not part of the established trusted vendor list or well-known service providers.
  • [REMOTE_CODE_EXECUTION]: The MCP configuration uses npx mcp-remote to connect to an external endpoint at https://bgpt.pro/mcp/sse. Connecting to unverified remote servers allows external entities to potentially send instructions or payloads that the agent might execute, especially given that the Bash tool is permitted.
  • [COMMAND_EXECUTION]: The setup instructions provide shell commands (npx bgpt-mcp) that perform direct network requests and execute binary code on the user's host machine.
  • [PROMPT_INJECTION]: The skill is designed to ingest data from an external, third-party database (bgpt.pro).
    • Ingestion points: Paper search results (methods, results, conclusions) are retrieved from a remote server and provided to the agent.
    • Boundary markers: None identified; retrieved data is not wrapped in protective delimiters.
    • Capability inventory: The skill allows the Bash tool, which could be exploited if malicious instructions are embedded in the scientific data.
    • Sanitization: There are no documented steps for validating or escaping the contents of the retrieved paper data before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 31, 2026, 08:32 PM