arxiv-search

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies] (LOW): The skill documentation recommends installing the arxiv Python library. Per the [TRUST-SCOPE-RULE], this finding is downgraded to LOW because the author langchain-ai is on the trusted organizations list and the package is the standard tool for the skill's stated purpose.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the arXiv API.
      1. Ingestion point: Abstract and title data from arXiv.
      2. Boundary markers: Blank lines separate papers.
      3. Capability inventory: Script appears to only read from the API and print to stdout.
      4. Sanitization: Not explicitly mentioned.
    This constitutes a standard injection surface for search tools.
  • [Trusted Source] (SAFE): The skill is authored by langchain-ai, which is a verified trusted entity, reducing the likelihood of malicious intent in the implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:11 PM