Answering Research Questions
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (mkdir -p) to create local directory structures for organizing research papers and metadata.
- [DATA_EXFILTRATION]: The skill prompts the user for an email address to be used with the Unpaywall API. While this is a requirement of the service provider, it constitutes the collection and potential transmission of PII.
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to generate and execute Python scripts (e.g., generate_summary.py) and code snippets to process, filter, and summarize data retrieved from external research databases.
- [PROMPT_INJECTION]: There is a vulnerability surface for indirect prompt injection because the skill ingests untrusted data from external research papers and incorporates it into generated reports and scripts without explicit sanitization.
  - Ingestion points: Abstracts and full-text content from PubMed, Semantic Scholar, and Unpaywall via integrated skills.
  - Boundary markers: None specified in the instructions to delimit external content from internal instructions.
  - Capability inventory: File system writes, shell command execution, and script generation/execution.
  - Sanitization: No evidence of escaping or validating external text before processing or inclusion in reports.
Audit Metadata