research-lit

Fail

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow executes local Python scripts through the Bash(*) tool. It interpolates user-controlled input ($ARGUMENTS) directly into shell command strings, for example python3 "$SCRIPT" search "QUERY". Because the topic is pasted into the string before the shell parses it, the surrounding double quotes do not protect it: a research topic containing a closing quote followed by shell metacharacters (;, &&, $(...), backticks) is executed as an additional command. This is a high-risk command injection leading to arbitrary shell execution.
  • [DATA_EXFILTRATION]: The skill reads data from private sources, namely Obsidian vaults and Zotero libraries, and also performs network operations via WebSearch and external APIs. Combining private reads with outbound requests in one workflow creates an exfiltration path: note content or annotations can end up in outbound search queries or API request bodies, whether by design, by accident, or because injected instructions in ingested content direct the agent to do so.
  • [EXTERNAL_DOWNLOADS]: The skill provides an option to download PDF files from arXiv. While arXiv is a recognized academic source, automated file downloads increase the attack surface for potential file-based exploits that could target the agent's PDF processing capabilities.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted research papers and web content without boundary markers or sanitization, so instructions embedded in a paper or web page are indistinguishable from the user's own request. Ingestion points: Zotero, Obsidian, local PDFs, WebSearch, and arXiv. Boundary markers: absent. Capability inventory available to injected instructions: Bash, Write. Sanitization: absent.
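The following is an added demonstration of the COMMAND_EXECUTION finding, not code from the research-lit skill or from the audit. It uses a hypothetical stub in place of the skill's search script (the stub only prints the arguments it receives) and a constructed research topic that carries a shell payload. The vulnerable function builds the command the way the finding describes (topic spliced into a shell string); the two hardened variants pass the topic as a single argv element, or quote it with shlex.quote when a shell string cannot be avoided.

```python
"""Command injection via interpolated $ARGUMENTS: vulnerable vs. hardened invocation.

Added example, not part of the audited skill. The "search script" is a stub that
prints its argv as JSON so we can see exactly what the script received and
whether anything else ran.
"""
import json
import os
import shlex
import subprocess
import sys
import tempfile

# Hypothetical stand-in for the skill's local Python script ($SCRIPT).
STUB_SCRIPT_SOURCE = "import json, sys; print(json.dumps(sys.argv[1:]))"

# Constructed attacker-controlled topic: closes the quote, runs a command,
# then reopens a quote so the overall command line stays balanced.
MALICIOUS_TOPIC = 'zero-knowledge proofs"; echo INJECTED; echo "'


def write_stub_script() -> str:
    """Write the stub search script to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".py")
    with os.fdopen(fd, "w") as f:
        f.write(STUB_SCRIPT_SOURCE)
    return path


def _parse(stdout: str) -> dict:
    """Split stdout into what the script received (first JSON line) and
    anything else that was printed (evidence of injected commands)."""
    lines = stdout.splitlines()
    argv = json.loads(lines[0]) if lines else None
    extra = [line for line in lines[1:] if line]
    return {"argv": argv, "extra": extra}


def run_unsafe(script: str, topic: str) -> dict:
    """VULNERABLE: mirrors python3 "$SCRIPT" search "QUERY" with QUERY
    interpolated before the shell parses the line. The double quotes are
    part of the string, so a quote inside `topic` terminates the argument."""
    cmd = f'{sys.executable} "{script}" search "{topic}"'
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return _parse(proc.stdout)


def run_argv(script: str, topic: str) -> dict:
    """HARDENED: no shell at all; the topic is one argv element regardless
    of which characters it contains."""
    proc = subprocess.run([sys.executable, script, "search", topic],
                          capture_output=True, text=True)
    return _parse(proc.stdout)


def run_quoted(script: str, topic: str) -> dict:
    """HARDENED (when a shell string is unavoidable): shlex.quote wraps the
    value in single quotes and escapes embedded single quotes, so the shell
    treats the whole topic as literal text."""
    cmd = f"{sys.executable} {shlex.quote(script)} search {shlex.quote(topic)}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return _parse(proc.stdout)


if __name__ == "__main__":
    script = write_stub_script()
    for name, fn in (("unsafe", run_unsafe), ("argv", run_argv), ("quoted", run_quoted)):
        result = fn(script, MALICIOUS_TOPIC)
        print(f"{name:7s} script argv={result['argv']} extra_output={result['extra']}")
```

In the unsafe case the stub sees only "zero-knowledge proofs" and the injected echo runs as a separate command; in both hardened cases the stub receives the complete topic, payload included, as a single argument and nothing else executes. For an agent workflow, the argv form is the one to prefer: it removes the shell from the path entirely, whereas quoting still depends on the agent emitting the quoted form every time.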
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 19, 2026, 03:14 AM