cite
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by processing untrusted data from external paper links.
- Ingestion points: External URL content and metadata fetched during the citation process (SKILL.md).
- Boundary markers: No specific delimiters or instructions are provided to the agent to ignore potentially malicious content within the fetched data.
- Capability inventory: The skill performs network requests to fetch paper information.
- Sanitization: No explicit validation or filtering of the fetched content is specified to mitigate injection risks.
- [NO_CODE]: The skill does not include any executable scripts or binaries (e.g., .py, .js, .sh files). It functions entirely through natural language instructions described in the SKILL.md file.
Audit Metadata