Traversing Citation Networks
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (paper titles, abstracts, and citation contexts) from the Semantic Scholar API, which could potentially contain malicious instructions intended to influence the agent's behavior (Indirect Prompt Injection). \n
- Ingestion points: Metadata and text content fetched from
api.semanticscholar.org.\n - Boundary markers: Data is received in JSON format, providing structural boundaries, but the text content is subsequently evaluated by the agent for relevance.\n
- Capability inventory: Uses
curlfor network requests and writes research findings/tracking data to local JSON and Markdown files (SUMMARY.md,papers-reviewed.json, andcitations/citation-graph.json).\n - Sanitization: No explicit sanitization or instructions to ignore embedded instructions are present when processing fetched text.\n- [EXTERNAL_DOWNLOADS]: The skill fetches paper metadata and citation information from the well-known Semantic Scholar API (
api.semanticscholar.org). This is an expected and legitimate operation for the skill's research purpose.\n- [COMMAND_EXECUTION]: Employs thecurlcommand within bash snippets to interact with the Semantic Scholar API. These commands are used solely for fetching research data and do not include dangerous flags or arbitrary inputs.
Audit Metadata