paper-lookup
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves academic metadata and full-text articles from well-known and reputable scholarly services, including NCBI (PubMed/PMC), arXiv, Crossref, and Semantic Scholar. These communications are restricted to documented REST API endpoints for the purpose of research data retrieval.
- [DATA_EXPOSURE]: The skill provides instructions for managing API keys for academic services using standard security practices, such as checking environment variables or
.envfiles. It does not hardcode credentials or expose sensitive user data. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted content in the form of academic paper abstracts and titles from external APIs.
- Ingestion points: Data enters the context from 10 external academic REST APIs described in the
references/directory. - Boundary markers: The skill does not specify the use of delimiters or 'ignore' instructions when presenting retrieved paper data to the user.
- Capability inventory: The skill is restricted to making HTTP GET requests via platform fetch tools or
curl. It lacks capabilities for writing to the file system or executing arbitrary code based on input. - Sanitization: No explicit sanitization or filtering of the retrieved academic content is performed before it is processed by the agent.
- [SAFE]: The skill does not contain any obfuscated code, hidden instructions, persistence mechanisms, or unauthorized privilege escalation attempts. Its behavior is fully consistent with its stated purpose as a scholarly literature search tool.
Audit Metadata