arxiv-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill primarily consists of cognitive instructions for the agent to use WebFetch to query the public arXiv API (export.arxiv.org) and Exa for semantic search. No malicious URLs or command injections were detected.
  • [SAFE]: The included JavaScript files (main.cjs, pre-execute.cjs, post-execute.cjs) are benign stubs that perform basic project root discovery or simple metric recording without any network calls or sensitive data access.
  • [SAFE]: Data processing is limited to extracting metadata (titles, authors, abstracts) from academic papers. While papers are external content, the risk of indirect prompt injection is minimal given the academic nature of the source and the use of specific extraction prompts.
  • [SAFE]: The skill documentation includes references to a third-party GitHub repository for informational purposes, but it does not automate the download or execution of any binaries or scripts from that source.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 04:49 AM