literature-search
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted external content from local .bib files to generate summaries. This creates a surface for indirect prompt injection where instructions embedded in bibliography metadata could influence the agent's reasoning.
  - Ingestion points: Local .bib files in project, ~/code, and ~/paperpile-bib.
  - Capability inventory: Data extraction and summarization.
  - Boundary markers: None.
  - Sanitization: None.
- Data Exposure (LOW): The skill performs broad filesystem searches across the ~/code directory. While limited to .bib files, this grants the agent visibility into the user's software project structures.