arxiv-search
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches paper metadata and PDF files from 'arxiv.org' and 'export.arxiv.org'. These are well-known, reputable services for academic preprints.
- [COMMAND_EXECUTION]: Uses
curlto fetch XML data andpython3 -cto parse it. While the automated scan flagged this as remote code execution, the Python script is a static string within the skill used solely for parsing XML data and is not downloaded from a remote source. - [PROMPT_INJECTION]: The skill processes external content (titles and summaries of papers) without explicit sanitization, creating a surface for indirect prompt injection. However, this is inherent to any tool that summarizes web content.
- Ingestion points: XML data from 'export.arxiv.org' processed in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: Shell execution (curl), Python execution, and file writing to '/tmp'.
- Sanitization: The script extracts specific XML tags but does not filter for instructional content.
Audit Metadata