paper-lookup
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted scholarly content (titles, abstracts, and paper metadata) is retrieved from external APIs and reference files such as references/pubmed.md and references/arxiv.md.
  - Boundary markers: There are no specific instructions to wrap external content in delimiters or to ignore embedded instructions.
  - Capability inventory: The agent is empowered to use tools like WebFetch, web_fetch, or curl for network access.
  - Sanitization: No mechanism for escaping or validating the retrieved API data is present before the agent processes it.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch data from well-known technology companies and official scientific domains including ncbi.nlm.nih.gov, arxiv.org, biorxiv.org, core.ac.uk, crossref.org, openalex.org, semanticscholar.org, and unpaywall.org.
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use curl via the shell as a fallback tool for fetching data from REST endpoints when primary fetch tools are unavailable.