paper-finder

Warn

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill footer references an external GitHub repository ('github.com/evil-read-arxiv') which is not from a known trusted organization. The name 'evil-read-arxiv' and the metadata references to 'Dr. Claw' are suspicious indicators for an AI skill.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from user-provided paper notes.
      ◦ Ingestion points: Reads content from arbitrary '.md' files in the papers directory.
      ◦ Boundary markers: Absent; there are no instructions to the agent to treat note content as untrusted or to ignore instructions found within the files.
      ◦ Capability inventory: The skill utilizes 'read_file' and 'write_file' tools, which could be abused if malicious instructions are present in the notes.
      ◦ Sanitization: No sanitization or validation of the content retrieved from the papers is performed before the agent processes it.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 19, 2026, 01:26 PM