citation-management
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted content from external academic databases and URLs.\n
- Ingestion points: The skill fetches metadata and search results from Google Scholar, PubMed, CrossRef, arXiv, and user-provided identifiers in
extract_metadata.py.\n - Capability inventory: It executes local Python scripts that perform network requests and write formatted output to the file system.\n
- Boundary markers: The instructions do not specify the use of delimiters or instructions to ignore embedded commands for the external data processed.\n
- Sanitization: No content validation or sanitization of the retrieved metadata is described before its use in generation tasks.\n- [COMMAND_EXECUTION]: The skill utilizes several local Python scripts to perform search, extraction, and formatting operations, such as
scripts/search_pubmed.pyandscripts/format_bibtex.py.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of well-known Python packages from official registries, includingrequests,biopython,scholarly, andselenium, to interact with academic APIs.
Audit Metadata