literature-search

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): In SKILL.md, the command to execute the Semantic Scholar search attempts to retrieve an API key using grep from a hardcoded absolute path: /Users/lingzhi/Code/keys.md. Targeting specific private files for secrets is a high-risk pattern.
  • [DATA_EXFILTRATION] (MEDIUM): The skill reads from a local sensitive file and passes the content as a plaintext command-line argument. This can expose secrets to system logs, process lists, and shell history.
  • [PROMPT_INJECTION] (LOW): The skill downloads untrusted LaTeX source code from arXiv via scripts/download_arxiv_source.py. This presents a surface for indirect prompt injection if the agent later processes these files. Evidence: 1. Ingestion points: arxiv.org source downloads. 2. Boundary markers: Absent. 3. Capability inventory: urllib.request network calls and os.makedirs file writes. 4. Sanitization: Only filename characters are sanitized; the downloaded content is not.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill makes requests to arxiv.org, api.crossref.org, and api.openalex.org. These are reputable academic sources, so the download finding is downgraded per the [TRUST-SCOPE-RULE].
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 20, 2026, 05:23 AM