academic-search
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- Prompt Injection (LOW): The skill ingests untrusted metadata from arXiv, creating a surface for indirect prompt injection.
  1. Ingestion points: arXiv paper titles and abstracts via paper-search search.
  2. Boundary markers: Absent; the skill does not use delimiters to isolate external data.
  3. Capability inventory: CLI execution (paper-search) and file system writes (/workspace/papers/).
  4. Sanitization: None performed on external content.
- Data Exfiltration (LOW): The skill performs network operations to the arXiv API. While this is the primary purpose and the source is reputable, the domain is not on the explicit whitelist of trusted domains for data exfiltration analysis.
Audit Metadata