citation-management

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface. The skill processes data from external scholarly APIs and search results which could be manipulated by an attacker to include instructions for the AI agent.
      • Ingestion points: doi_to_bibtex.py (via CrossRef API) and search_google_scholar.py (via Google Scholar results).
      • Boundary markers: Absent; the scripts do not use specific delimiters to isolate external data from the agent's instructions.
      • Capability inventory: The analyzed scripts do not contain high-risk capabilities like arbitrary command execution or local file writing.
      • Sanitization: Absent; the content is formatted as BibTeX without escaping or validation against injection patterns.
  • [DATA_EXFILTRATION] (LOW): The skill performs network operations to non-whitelisted domains.
      • Evidence: requests.get calls in doi_to_bibtex.py to doi.org and network access performed by the scholarly library.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill relies on external Python packages not included in the pre-approved trusted lists.
      • Evidence: Dependencies on requests and scholarly packages.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM