research-news

Warn

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple Python scripts (e.g., search_arxiv.py, scan_existing_notes.py, link_keywords.py) located in a specific host directory server/scripts/research-news/. These scripts are not included in the skill package, and their logic cannot be verified.
  • [DATA_EXFILTRATION]: The workflow requires the agent to scan a directory path defined by $VAULT_PATH to build keyword indexes. This represents a data exposure risk as it accesses personal note repositories (common in Obsidian or Logseq workflows) using unverified local scripts.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from external sources (arXiv abstracts, social media posts from X and Xiaohongshu).
  • Ingestion points: Data retrieved from arXiv API, Semantic Scholar API, X (Twitter), and Xiaohongshu via unverified scripts.
  • Boundary markers: No delimiters or instructions are provided to the agent to ignore or sanitize embedded instructions within the ingested paper abstracts or social media content.
  • Capability inventory: The skill uses Python command execution and the write_file tool to generate outputs and linked documents.
  • Sanitization: No validation or sanitization steps are defined for the data entering the recommendation pipeline.
  • [EXTERNAL_DOWNLOADS]: The skill mentions a source repository at https://github.com/evil-read-arxiv. This repository and organization are not recognized as trusted or well-known services.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 19, 2026, 01:26 PM