kb-meta-fetch
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The script initiates network connections to
api.crossref.orgto retrieve journal metadata. While functional, this domain is not included in the trusted whitelist of repositories or organizations.\n- [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface by consuming external data that is later logged and printed.\n - Ingestion points: Metadata is retrieved via the Crossref API in
scripts/crossref_multi_increment.py.\n - Boundary markers: No delimiters or safety instructions are used when presenting ingested content (titles/authors) in logs or output.\n
- Capability inventory: The skill has write access to the database and the local filesystem for logging.\n
- Sanitization: Standard SQL parameterization is used to prevent SQL injection, but the script does not sanitize text content for LLM safety.
Audit Metadata