auto-paper-demo
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches research paper content and AI-generated overviews from alphaxiv.org using curl based on user-supplied paper IDs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core functionality of processing external data.
- Ingestion points: Markdown content fetched from alphaxiv.org.
- Boundary markers: No specific delimiters or instructions are used to distinguish the fetched external content from the agent's internal logic.
- Capability inventory: The agent can perform network requests (curl) and generate executable Python/JavaScript code within a marimo notebook context.
- Sanitization: No sanitization, filtering, or validation of the remote markdown content is implemented before it is analyzed and used to generate the notebook.
- [PROMPT_INJECTION]: Instructions specifically direct the agent to hide implementation code (hide_code=True) and move inputs/outputs to the top. While primarily a UX feature for notebooks, this suppresses the visibility of the code generated by the agent during the automated process.
Audit Metadata