literature-review
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python scripts (search_semantic_scholar.py, search_openalex.py, and search_arxiv.py) to perform literature searches. These scripts are executed via the command line with arguments derived from user input and persona-generated queries.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted data from external academic sources.
  * Ingestion points: Results from academic database searches are ingested into the context for synthesis and dialogue generation (SKILL.md, Step 2).
  * Boundary markers: The prompts do not specify clear boundary markers to isolate external search results from the agent's instructions.
  * Capability inventory: The skill has the capability to execute shell commands to run its internal search scripts.
  * Sanitization: There is no evidence of sanitization or filtering of the text retrieved from papers or summaries before they are processed by the agent.
Audit Metadata