ai-scientist
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
ai-scientistPython package from a public registry. This is a standard dependency for the skill's stated purpose of research automation. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes data from external, untrusted sources such as ArXiv and Semantic Scholar. Ingestion points: Untrusted data is ingested through the
LiteratureReviewerandResultAnalyzercomponents from external APIs and local files. Boundary markers: The provided instructions and code snippets do not implement clear delimiters or instructions to ignore embedded commands within the ingested data. Capability inventory: The skill possesses capabilities to write files to the local file system (e.g.,paper.save) and generate experiment designs based on external input. Sanitization: There is no evidence of sanitization or validation of the retrieved scientific data before it is processed by the AI models. - [CREDENTIALS_UNSAFE]: The documentation references API keys for Anthropic and OpenAI. It correctly advises users to set these as environment variables and provides placeholder values for demonstration, which is consistent with secure development practices.
Audit Metadata