Skills
skills/k-dense-ai/scientific-agent-skills/bgpt-paper-search/Gen Agent Trust Hub

bgpt-paper-search

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions direct users to execute code using npx (e.g., npx bgpt-mcp and npx mcp-remote). Running packages directly from a public registry like npm allows for arbitrary code execution on the user's system if the package is malicious or compromised.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and execution of external scripts from the npm registry. It also establishes a network connection to a remote endpoint (https://bgpt.pro/mcp/sse) which is managed by a third party not identified as a trusted vendor.
  • [DATA_EXFILTRATION]: While the skill's primary purpose is searching scientific papers, it establishes a persistent connection to a remote server. Without established trust in the endpoint or the MCP client used, there is a risk that information from the agent's environment could be sent to the remote server during tool execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 9, 2026, 10:11 PM