citation-management

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill interfaces with several well-known academic and scientific metadata services.
    • Evidence:
      • Queries the CrossRef API (api.crossref.org) for DOI metadata in scripts/extract_metadata.py and scripts/doi_to_bibtex.py.
      • Queries the NCBI PubMed E-utilities API (eutils.ncbi.nlm.nih.gov) for biomedical literature metadata in scripts/search_pubmed.py and scripts/extract_metadata.py.
      • Queries the arXiv API (export.arxiv.org) for preprint metadata in scripts/extract_metadata.py.
    • These are well-known, trusted scientific infrastructure services.
  • [DATA_EXFILTRATION]: No sensitive data exposure or exfiltration patterns were identified.
    • Evidence:
      • The scripts utilize standard environment variables (NCBI_API_KEY, NCBI_EMAIL) for authentication with official services, which is a recommended security practice for API management.
      • Network operations are restricted to the official domains of the metadata providers mentioned above.
  • [COMMAND_EXECUTION]: The skill documentation describes command-line usage of its bundled Python scripts for searching and formatting.
    • Evidence:
      • Scripts like scripts/format_bibtex.py and scripts/validate_citations.py perform local file processing using regex and standard logic.
      • The allowed-tools includes Bash, which is required for the intended functionality of running these citation management scripts.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an ingestion surface for untrusted data from external academic APIs which could theoretically contain malicious instructions in titles or abstracts.
    • Evidence:
      • Ingestion points: External metadata is fetched in scripts/search_google_scholar.py, scripts/search_pubmed.py, and scripts/extract_metadata.py.
      • Boundary markers: Not explicitly defined in the provided scripts for text interpolation.
      • Capability inventory: The skill has the ability to write to files (Write, Edit) and execute shell commands (Bash).
      • Sanitization: The scripts perform technical BibTeX formatting and regex cleaning but do not specifically filter for natural language prompt injection. However, as this data is primarily used for generating bibliography files, the risk is negligible.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 10:27 PM