NYC

citation-management

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (LOW): Surface for Indirect Prompt Injection detected. The scripts ingest data from external, untrusted sources which could be manipulated by an attacker to include hidden instructions.
      • Ingestion points: scripts/doi_to_bibtex.py fetches BibTeX metadata from the CrossRef API via doi.org. scripts/search_google_scholar.py fetches publication titles, authors, and abstracts from Google Scholar results.
      • Boundary markers: Absent. The scripts return retrieved data to the agent as raw strings or JSON without delimiters or warnings to ignore embedded instructions.
      • Capability inventory: Both scripts have the capability to write output to local files (-o argument) and perform network operations.
      • Sanitization: Absent. There is no sanitization or validation of the retrieved metadata before it is presented to the agent.
  • [EXTERNAL_DOWNLOADS] (LOW): The scripts facilitate network communication with external domains.
      • scripts/doi_to_bibtex.py makes GET requests to https://doi.org/ to retrieve citation data.
      • scripts/search_google_scholar.py uses the scholarly library to scrape Google Scholar and optionally uses ProxyGenerator to fetch free proxies from various external sources to evade rate limiting.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:49 PM