arxiv-tracker

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to the arXiv API to download paper metadata, including titles and abstracts, which are then processed by local logic and remote LLMs.
  • [COMMAND_EXECUTION]: The ArxivEngine class in scripts/arxiv_engine.py uses subprocess.run to execute a separate tool, doc_ctl.py, found in the .claude/skills/feishu-doc directory. This is used to create and update Feishu documents based on the skill's output.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data (paper titles and abstracts from arXiv) and interpolates them directly into prompts for Gemini and Claude models.
      • Ingestion points: Paper data is fetched via the arxiv library in scripts/arxiv_engine.py.
      • Boundary markers: The prompts in prompts/evaluate.md and prompts/trend_round1.md lack delimiters or explicit instructions to treat paper content as data rather than instructions.
      • Capability inventory: The skill possesses the capability to write to local databases and execute system commands via subprocess.run to interact with Feishu.
      • Sanitization: There is no evidence of filtering or escaping paper content before it is used to build LLM prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 06:31 AM