academic-research
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted third-party data.
- Ingestion points: The skill ingests academic paper titles, author names, and abstracts from the OpenAlex API through the scholar-search.py and literature-review.py scripts.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands were found in the skill's documentation for handling fetched content.
- Capability inventory: The skill executes local Python scripts, writes output to local files (e.g., review.md), and performs network requests to the OpenAlex API.
- Sanitization: There is no evidence of sanitization or filtering of external academic content before it is provided to the agent context.
- [COMMAND_EXECUTION]: The skill invokes local Python scripts (scripts/scholar-search.py and scripts/literature-review.py) to perform its core functions. These scripts were not included in the provided file set, so their internal logic and potential for unsafe operations (such as shell injection or unsafe deserialization) cannot be verified. The skill also writes cache data to /tmp/litreview_cache/ and generates output files as specified by the user.
Audit Metadata