paper-search
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
curlpiped topython3to parse JSON data. The Python scripts are provided as inline strings within the skill metadata rather than being fetched from remote sources. - [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known academic services including Semantic Scholar (
api.semanticscholar.org), CrossRef (api.crossref.org), and DOI (doi.org). These interactions are documented as neutral data retrieval from established research infrastructure. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted strings from external APIs.
- Ingestion points: Paper titles, author names, and abstracts retrieved from Semantic Scholar and CrossRef APIs are reflected in the agent's output.
- Boundary markers: No specific delimiters or instructions are used to separate external paper content from agent instructions.
- Capability inventory: The skill utilizes
curlfor network requests andpython3for data processing. - Sanitization: No sanitization or escaping is performed on the data returned from the APIs before it is printed to the terminal or agent context.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.crossref.org/works?query=transformer+attention&rows=5, https://api.semanticscholar.org/graph/v1/paper/search?query=large+language+model+agent&limit=10&fields=title,abstract,year,citationCount,authors,url, https://api.semanticscholar.org/graph/v1/paper/{paper_id}?fields=title,abstract,year,citationCount,authors,references,url - DO NOT USE without thorough review
Audit Metadata