citation-audit

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface (Category 8). The skill is designed to ingest and process data from external, untrusted sources which could contain instructions meant to influence agent behavior.
      • Ingestion points: The skill fetches metadata and text content from external URLs, conference sites, and arXiv (SKILL.md, Phase 2 and 3).
      • Boundary markers: Absent. There are no instructions or delimiters specified to ensure the fetched content is treated strictly as data rather than instructions.
      • Capability inventory: The skill has file-write permissions to modify .bib and .tex files (SKILL.md, Phase 5).
      • Sanitization: Absent. The skill does not specify any validation or filtering for the content retrieved from external sources.
  • [COMMAND_EXECUTION]: Automated File System Modification. The skill's 'fix' mode (Phase 5) allows the agent to modify local manuscript files (.bib and .tex). While this is the primary functionality of the skill, it represents a high-impact capability that could be misused if the agent's logic is subverted by malicious content in a cited paper.
  • [EXTERNAL_DOWNLOADS]: Fetches academic paper metadata and abstracts from arXiv and other research repositories. These operations target well-known academic services to facilitate the citation audit process.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 02:40 PM