implement-paper

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE (flag: EXTERNAL_DOWNLOADS)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves research paper metadata and markdown content from alphaxiv.org using curl. This is a legitimate operation to provide the agent with the necessary context to build the interactive notebook.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (research papers) that could contain instructions aimed at the agent. This is a known risk inherent to processing any external documentation.
  • Ingestion points: External markdown fetched from alphaxiv.org in references/fetching-papers.md.
  • Boundary markers: No explicit markers are defined in the fetch logic to isolate the paper content from the agent's system prompt.
  • Capability inventory: The skill can write files (creating notebooks), perform network operations (curl), and generate executable code (Python and JavaScript widgets).
  • Sanitization: No explicit sanitization or filtering of the fetched paper content is performed before processing.
  • [SAFE]: The skill includes security-conscious guidelines in references/anywidget.md, specifically instructing the agent not to read sensitive files such as ~/.ssh, ~/.env, or /etc/ when creating custom anywidget components.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 07:50 PM