paper-summary
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect prompt injection.
  1. Ingestion points: External data is fetched from arbitrary URLs, DOIs, or file paths provided in arguments.
  2. Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded in the paper content.
  3. Capability inventory: The skill instructions involve network access (Fetch) and file system modification (Save as).
  4. Sanitization: Absent; the agent is instructed to read and summarize the content directly without validation.
  A malicious paper could contain instructions to exploit the agent's environment or exfiltrate data.
- Data Exposure (MEDIUM): The 'file path' argument allows the agent to read local files. Without path restriction, an attacker could trick the agent into reading and summarizing sensitive files like credentials or private keys.
Recommendations
- AI detected serious security threats
Audit Metadata