setup-arxiv-mcp

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill interpolates the $ARGUMENTS variable directly into its instructions without boundary markers or sanitization, so potentially malicious user input can steer the agent's behavior during the setup process (indirect prompt injection).
  • Ingestion point: SKILL.md (via $ARGUMENTS)
  • Boundary markers: Absent
  • Capability inventory: mcp-add, mcp-find, mcp-config-set, and file system write operations.
  • Sanitization: Absent
  • [EXTERNAL_DOWNLOADS]: The skill uses mcp-add to install third-party MCP servers (paper-search and arxiv-mcp-server). These are necessary for the skill's stated purpose, but they add external code and tools from third-party sources to the agent's environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 05:13 AM