arxiv-monitor
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses Bash to invoke curl for API requests and uses Python's urllib.parse to safely encode search keywords.
- [EXTERNAL_DOWNLOADS]: Fetches paper metadata from the official ArXiv API at export.arxiv.org.
- [PROMPT_INJECTION]: The skill processes untrusted data from an external source (ArXiv) and stores it in a markdown file used for agent briefings, creating an indirect prompt injection surface. 1. Ingestion points: Paper titles and summaries fetched from the ArXiv API. 2. Boundary markers: No explicit delimiters or instructions are used to separate external content in the arxiv-digest.md file. 3. Capability inventory: Includes network access via curl, filesystem writes, and task scheduling via CronCreate. 4. Sanitization: The content is truncated to 300 characters but not validated or sanitized to prevent the inclusion of malicious instructions.
Audit Metadata