arxiv-research
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing paper content for analysis or figure extraction.
  - Ingestion points: Paper content and LaTeX sources are fetched from external repositories in `scripts/connect.py` and `scripts/tikz.py`.
  - Boundary markers: The analysis templates in `scripts/understand.py` and `scripts/tikz.py` do not include protective delimiters or instructions to ignore embedded commands within the fetched content.
  - Capability inventory: The skill has the ability to write to a local SQLite database for caching (`scripts/cache.py`) and perform network requests to academic APIs.
  - Sanitization: Content is only cleaned for whitespace in `scripts/utils.py`, which does not mitigate malicious instructions embedded in research text.
- [EXTERNAL_DOWNLOADS]: The skill communicates with well-known and reputable services to fulfill its research purpose, including the arXiv API (`export.arxiv.org`), Semantic Scholar (`api.semanticscholar.org`), and Jina Reader (`r.jina.ai`). These references are documented neutrally as they are necessary for the skill's primary research function.
Audit Metadata