biorxiv-database
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH NO_CODE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [NO_CODE] (INFO): The provided input contains only metadata.json. The core logic defined in SKILL.md and any associated scripts are missing. Analysis is based solely on the capabilities declared in the metadata description.
- [PROMPT_INJECTION] (HIGH): Significant Indirect Prompt Injection surface (Category 8).
  - Ingestion points: Metadata indicates the skill retrieves data from the bioRxiv preprint server.
  - Boundary markers: Unknown due to missing implementation code.
  - Capability inventory: Metadata explicitly states the skill can "download PDFs," implying file system write access.
  - Sanitization: Unknown due to missing implementation code.
  - Risk: Malicious actors could upload preprints to bioRxiv containing instructions designed to hijack the agent's logic when it processes the paper's metadata or content.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The tool is designed to download files from an external repository. Without the underlying code, it is impossible to verify if the skill enforces strict URL validation, prevents path traversal during file saving, or uses secure protocols.
Recommendations
- AI detected serious security threats
Audit Metadata