literature-review
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow specifies executing a local Python script (scripts/arxiv_search.py) using the uv tool to perform academic searches on arXiv. This is a standard and legitimate procedure for the skill's intended research functionality.
- [EXTERNAL_DOWNLOADS]: The skill initiates network requests to well-known academic services, including the Semantic Scholar API and Connected Papers, to retrieve paper metadata and citation graphs. These operations are necessary for the literature review process and target established academic domains.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill ingests and processes content (abstracts and PDFs) from external academic sources. Mandatory Evidence Chain:
  1. Ingestion points: arXiv search results and Semantic Scholar API responses mentioned in SKILL.md (Phases 2 and 4).
  2. Boundary markers: No delimiters or explicit instructions to the agent to ignore embedded prompts are defined in the workflow.
  3. Capability inventory: Shell command execution via uv run and local file access.
  4. Sanitization: No sanitization or validation of the ingested paper content is described in the workflow instructions.
Audit Metadata