citation-management

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a legitimate research tool that utilizes official scholarly APIs and standard libraries. It adheres to best practices, such as implementing rate-limiting delays and using environment variables for API credentials.
  • [EXTERNAL_DOWNLOADS]: Several scripts (extract_metadata.py, search_pubmed.py, and doi_to_bibtex.py) perform HTTP requests to well-known academic services to fetch publication metadata. These include CrossRef (api.crossref.org), NCBI (eutils.ncbi.nlm.nih.gov), and arXiv (export.arxiv.org). These requests are informative and documented as essential to the skill's research functionality.
  • [COMMAND_EXECUTION]: The skill relies on Python scripts executed via the Bash tool to perform its primary tasks, such as searching databases, extracting metadata, and formatting BibTeX files. These scripts are provided within the skill and perform expected, non-malicious logic.
  • [PROMPT_INJECTION]: The skill processes external data (e.g., paper titles and abstracts) retrieved from academic APIs, which represents a surface for indirect prompt injection.
    • Ingestion points: External metadata is ingested in scripts/extract_metadata.py and scripts/search_pubmed.py.
    • Boundary markers: None implemented; data is processed into structured formats like BibTeX or JSON.
    • Capability inventory: The skill has capabilities for file system access (Read/Write) and Bash command execution.
    • Sanitization: Metadata is wrapped in BibTeX braces for formatting, but no specific sanitization for potential LLM instructions is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 08:48 PM