preprint-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest and summarize data from external, third-party preprint servers (arXiv, medRxiv, bioRxiv) where content is not pre-vetted. This creates a surface for indirect prompt injection if an attacker embeds instructions within a preprint.
  - Ingestion points: arXiv, medRxiv, and bioRxiv search results.
  - Boundary markers: Absent; the instructions do not include delimiters or specific warnings to the agent to ignore instructions embedded in the papers.
  - Capability inventory: The skill is prompt-based and does not include custom scripts, subprocess calls, or network operations beyond the implied search capability.
  - Sanitization: No content filtering or instruction-stripping logic is present.
- [Prompt Injection] (SAFE): The instructions are instructional and do not contain patterns for bypassing safety filters, disregarding previous instructions, or extracting system prompts.
- [Data Exposure & Exfiltration] (SAFE): No access to local sensitive files (~/.ssh, ~/.aws) or hardcoded credentials was detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill is entirely Markdown-based and does not reference or download external packages or scripts.
Audit Metadata