arxiv-watcher

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script, scripts/search_arxiv.sh, to interact with the ArXiv API. This is a core part of its intended functionality.
  • [EXTERNAL_DOWNLOADS]: Fetches research data from the official ArXiv API at export.arxiv.org. ArXiv is a well-known academic repository and is considered a trusted source for this operation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted external content.
      • Ingestion points: XML entry data (titles and summaries) from the ArXiv API and PDF content extracted via the web_fetch capability.
      • Boundary markers: Absent. The skill instructions do not specify the use of delimiters or warn the agent to ignore instructions embedded within the fetched research data.
      • Capability inventory: The skill can execute local scripts and write summary logs to the file system at memory/RESEARCH_LOG.md.
      • Sanitization: Absent. There is no requirement for the agent to sanitize or validate the external research content before presenting it to the user or recording it to memory.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 03:23 AM