citation-management

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The SKILL.md file contains a command line example: grep S2_API_Key /Users/lingzhi/Code/keys.md. This reveals a specific, sensitive file path and instructs the agent to extract secrets from it, facilitating credential theft.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8). Ingestion points: The search_semantic_scholar function in scripts/harvest_citations.py retrieves external data from api.semanticscholar.org. Boundary markers: None; data is processed as trusted. Capability inventory: The skill can read/write local files and perform network requests via urllib. Sanitization: There is no sanitization or instruction-filtering for the titles, abstracts, or metadata retrieved from the external API before they are written to bibliography files.
  • [DATA_EXFILTRATION] (MEDIUM): While the network usage is for a legitimate API, the explicit template for reading local secrets combined with the capability to transmit data externally via the Semantic Scholar search script creates a risk of data exfiltration.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 20, 2026, 05:23 AM