literature-search
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external files.
- Ingestion points: Local .bib files located in the project directory, ~/code, and ~/paperpile-bib as specified in SKILL.md.
- Boundary markers: None identified; the skill does not use delimiters or instructions to ignore embedded commands in the bibliography data.
- Capability inventory: The skill body does not define specific command execution or network operations, but it directs the agent to read and summarize file contents.
- Sanitization: No sanitization or validation of the .bib file content is specified before processing.
Audit Metadata