
read-arxiv-paper

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads .tar.gz archives from arxiv.org and unpacks them locally. Although ArXiv is a reputable scientific repository, its content is user-provided and unvetted. Unpacking untrusted archives poses a risk of path traversal or of processing malformed data.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it is instructed to 'read the contents and then recurse through all other relevant source files' of an untrusted external document.
      ◦ Ingestion points: Untrusted LaTeX source files stored in ~/.cache/nanochat/knowledge/.
      ◦ Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the fetched papers.
      ◦ Capability inventory: The agent can unpack archives, read local source code in the nanochat repository, and write markdown files to the local ./knowledge/ directory.
      ◦ Sanitization: Absent. The agent processes the raw text of the LaTeX files directly without validation or filtering.
  • [DATA_EXFILTRATION] (LOW): While the skill does not explicitly exfiltrate data over the network, it reads local repository code and writes to a local markdown file. An indirect prompt injection could potentially trick the agent into including sensitive local information or secrets in the summary files it generates.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:36 PM