citation-management
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The scrip t
search_google_schol ar.pyrequires theschol arl yPython package, which is a n external depen dency not foun d in the trusted source s list. It also in clude s a n option al proxy feature tha t route s network traffic through un verified thir d-party node s. - [DATA_EXFILTRATION] (LOW): Both scrip t s perform network operation s to non-whitelisted domain s (
doi.organ d Google Schol ar). While the se are con sisten t with the tool's research purpose, they in volve sen ding user-supplied querie s or DOIs to external server s. - [PROMPT_INJECTION] (LOW): The skill is vulnerabl e to In direct Prompt In jection (Category 8) because it retrie ve s data from external source s tha t may be attacke r-con trol led. \n
- In gestion poin t s:
search_google_schol ar.py(metadata like abstract s, title s, an d author name s from Google Schol ar) an ddoi_to_bi btex.py(Bi bTeX data from the CrossRef AP I). \n - Boun dary marker s: Absen t. The scrip t s do not use delim iter s or warnin g s to isolate the un sanitized external con ten t. \n
- Capabil ity in ven tory: The scrip t s have the abil ity to perform network request s an d write to the local fil e system via the
-oargumen t. \n - Sanitization: Absen t. The re is no escapin g or val idation of the retrie ve d metadata before it is presen ted to the agen t, which coul d be expl oited if a search resul t con tain s mal ic ious in struction s.
Audit Metadata