arxivterminal
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the 'arxiv' CLI tool for fetching, searching, and managing papers. It also suggests standard system utilities such as 'cp' for database backups, 'sqlite3' for manual inspection, and 'tail' or 'cat' for viewing logs.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill manages local application data and logs stored in the user's Library directory ('/Library/Application Support/arxivterminal/papers.db' and '/Library/Logs/arxivterminal/arxivterminal.log'). These operations are consistent with the stated purpose of a local paper management tool and do not involve sensitive system files or unexpected network transfers.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content (titles and abstracts) fetched from the external arXiv API.
  - Ingestion points: External data enters the agent context via the output of the 'arxiv fetch' command.
  - Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores potential malicious instructions embedded within fetched paper abstracts.
  - Capability inventory: The skill enables shell command execution via the 'arxiv' tool and other local utilities.
  - Sanitization: Absent. The skill does not describe any validation or filtering of the fetched paper content before it is processed or displayed.