citation-management

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill instructions in SKILL.md include a command that reads an API key from a hardcoded, user-specific path: /Users/lingzhi/Code/keys.md. The path belongs to one author's machine, so it discloses where that author keeps keys, and because the value is pulled in by command substitution it lands in the command line of whatever runs next, where process listings and shell history can record it. Evidence: $(grep S2_API_Key /Users/lingzhi/Code/keys.md ...).
  • COMMAND_EXECUTION (MEDIUM): The skill uses shell command substitution ($(...)) to run a pipeline of grep, cut and tr on the host; the commands execute whenever the agent follows the instructions.
  • DATA_EXFILTRATION (LOW): The harvest_citations.py script reads local .tex and .bib files and sends search queries derived from their content to the Semantic Scholar API, so bibliographic text from the user's files leaves the machine.
  • PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface: it ingests untrusted LaTeX data and uses it in network operations.
    1. Ingestion points: harvest_citations.py (via the --tex and --bib arguments).
    2. Boundary markers: absent.
    3. Capability inventory: network requests via urllib.request.
    4. Sanitization: absent; content extracted from the files is placed directly into URL-encoded search queries.
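The two findings above that a fix would touch are the hardcoded key path (CREDENTIALS_UNSAFE) and the unsanitized .bib text in search queries (PROMPT_INJECTION). The following is an added example of how harvest_citations.py could handle both; it is not the audited skill's code. It assumes the key arrives via an S2_API_KEY environment variable or a file named by S2_API_KEY_FILE (both names chosen here), that the search endpoint and x-api-key header are those of the public Semantic Scholar Graph API (not taken from the audit page), and it uses a constructed .bib sample. Requests are built but not sent.

```python
"""Hardened credential loading and query construction for a citation harvester.

Added example, not the audited skill's code. Assumptions: the key is supplied
through the S2_API_KEY environment variable or a file named by S2_API_KEY_FILE
(both names chosen here); the endpoint and x-api-key header are the public
Semantic Scholar Graph API's, not taken from the audit page.
"""
import os
import re
import stat
import urllib.parse
import urllib.request

S2_SEARCH_URL = "https://api.semanticscholar.org/graph/v1/paper/search"
MAX_QUERY_LEN = 200  # bound on how much untrusted .bib text reaches the wire


class ApiKeyError(RuntimeError):
    """Raised when no usable key is available or the key file is too open."""


def load_api_key(env=None):
    """Return the API key from the environment or from a mode-0600 key file.

    Replaces the audited pattern of a hardcoded per-user path read by a
    $(grep ... | cut | tr) pipeline, which also put the key into argv and
    shell history. Nothing here consults a fixed filesystem path.
    """
    env = os.environ if env is None else env
    key = env.get("S2_API_KEY", "").strip()
    if key:
        return key
    path = env.get("S2_API_KEY_FILE")
    if not path:
        raise ApiKeyError("set S2_API_KEY or S2_API_KEY_FILE")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # refuse keys that group or others can read or write
        raise ApiKeyError(f"{path} is group/world accessible (mode {mode:04o}); chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        key = fh.read().strip()
    if not key:
        raise ApiKeyError(f"{path} is empty")
    return key


# Matches single-line `title = {...},` or `title = "...",` entries; inner
# braces are left for sanitize_query to strip. Multi-line titles are out of
# scope for this demo.
_TITLE_RE = re.compile(r'^\s*title\s*=\s*[{"](.+?)[}"]\s*,?\s*$',
                       re.IGNORECASE | re.MULTILINE)


def extract_titles(bib_text):
    """Return raw title strings found in a .bib document (still untrusted)."""
    return [m.group(1) for m in _TITLE_RE.finditer(bib_text)]


def sanitize_query(raw):
    """Reduce untrusted LaTeX text to a bounded, printable search string.

    Strips LaTeX commands, braces, backslashes and control characters,
    collapses whitespace and caps the length. This bounds what goes into the
    URL; it does not make the remaining natural-language text trustworthy
    for an agent that later reads the API response.
    """
    text = re.sub(r"\\[A-Za-z]+\*?", " ", raw)        # \emph, \textbf, ...
    text = re.sub(r"[^\w\s\-.,:;()'/]", " ", text)    # braces, backslashes, NULs, ...
    text = " ".join(text.split())
    return text[:MAX_QUERY_LEN]


def build_search_request(title, api_key, limit=5):
    """Build (but do not send) a paper-search request for one title."""
    query = sanitize_query(title)
    if not query:
        raise ValueError("nothing searchable left after sanitizing title")
    params = {"query": query, "limit": limit, "fields": "title,externalIds"}
    url = S2_SEARCH_URL + "?" + urllib.parse.urlencode(params)
    # The key travels in a header: never in the URL, never in process argv.
    return urllib.request.Request(url, headers={"x-api-key": api_key})


def harvest_requests(bib_text, api_key):
    """One request per title in bib_text; returns the Request objects."""
    return [build_search_request(t, api_key) for t in extract_titles(bib_text)]


# Constructed sample input (not from the audited skill).
SAMPLE_BIB = r"""
@inproceedings{smith2024,
  title = {\emph{Secure} {GPU} Scheduling at Scale},
  year = {2024},
}
@article{jones2023,
  title = "Fuzzing {LaTeX} Parsers: A \& B",
  year = {2023},
}
"""

if __name__ == "__main__":
    for req in harvest_requests(SAMPLE_BIB, load_api_key()):
        print(req.full_url)
```

The permission check matters because a key file that group or world can read reproduces the original problem in a different place; the argv point matters because `$(grep ...)` as a command argument is visible to every process on the host. Sanitizing the title bounds the URL but leaves natural language intact, so any agent that reads the API response still needs the boundary markers the audit notes are absent.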
Recommendations
  • Automated analysis flagged serious security threats; the skill fails the audit as published.
  • Remove the hardcoded /Users/lingzhi/Code/keys.md path and the $(grep ...) command substitution from SKILL.md; have the script read the key from an environment variable or a user-named, permission-restricted file, and never place it on a command line.
  • Treat text extracted from .tex and .bib files as untrusted input: bound and sanitize it before it is put into search queries, and mark it as data rather than instructions wherever the agent sees it.
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 22, 2026, 05:00 AM