academic-research

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill documentation includes a specific local user path (/Users/alice/worlds/l/mcp_servers.json). Referencing internal directory structures and specific usernames in a shared skill provides unnecessary reconnaissance information about the host system.
  • [PROMPT_INJECTION] (LOW): The skill has a high surface area for indirect prompt injection as it processes untrusted data from academic repositories. Ingestion points: Paper metadata, search results, and PDF content from multiple external sources (arXiv, PubMed, etc.). Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish between paper content and its own operational instructions. Capability inventory: The skill allows for searching, citation network analysis, and file retrieval. Sanitization: No evidence of sanitization or validation of the fetched academic data before processing.
  • [PROMPT_INJECTION] (LOW): The skill contains pseudo-technical metadata ('Cat# Integration') which uses deceptive terminology. While not functional code, this metadata could mislead an agent's reasoning processes or state management.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:14 PM