pyzotero

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted bibliographic data from the Zotero Web API.
      • Ingestion points: Data enters the agent's context through methods like zot.items(), zot.everything(), and zot.fulltext_item() as seen in SKILL.md, references/read-api.md, and references/full-text.md.
      • Boundary markers: The skill does not implement delimiters or specific instructions to the agent to treat data from the Zotero API as potentially untrusted.
      • Capability inventory: The skill uses Bash, Write, and Edit tools, allowing for file system operations (open, write) and shell commands (uv add) as demonstrated in references/files-attachments.md and references/cli.md.
      • Sanitization: There is no evidence of content sanitization or validation of the fields (e.g., titles, abstracts, notes) retrieved from the API before they are handled by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 10:13 PM