hv-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill requires running a local Python script (
scripts/md_to_pdf.py) and installing standard Python dependencies (weasyprint,markdown). These commands are used solely for the stated purpose of generating PDF reports and do not involve administrative privileges or suspicious flags. - [EXTERNAL_DOWNLOADS]: Fetches academic data from the well-known research repository arXiv via its official API. This is a legitimate and safe data source for research purposes.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests external web data. It lacks explicit boundary markers for this data, which is a common trait in research-focused skills but remains a factor for user awareness.
- [DATA_EXFILTRATION]: No unauthorized data access or exfiltration patterns were found. The skill's use of search and fetch tools is consistent with its role as a deep research assistant.
Audit Metadata