using-riszotto
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the uvx tool to download and run the riszotto package from the Python Package Index (PyPI), which is a well-known and standard package registry.
- [COMMAND_EXECUTION]: Shell commands are used to invoke the riszotto CLI for library management tasks such as searching, indexing, and exporting citations.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes external data from a Zotero library.
- Ingestion points: Untrusted content from Zotero PDF attachments is converted to markdown and ingested into the agent context via the 'uvx riszotto show' command.
- Boundary markers: The instructions do not provide explicit delimiters or boundary markers to isolate the converted PDF text from the agent's system instructions.
- Capability inventory: The agent has the capability to execute further shell commands using the uvx tool as described across the skill's workflows.
- Sanitization: There is no mention of sanitization, filtering, or validation of the content retrieved from the Zotero library before it is displayed to the agent.
Audit Metadata