arxiv-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill retrieves abstracts and titles from the external arXiv repository which is an untrusted source. Maliciously crafted paper metadata could influence the agent's subsequent behavior. Evidence Chain: 1. Ingestion points: External paper data is retrieved via the ArxivClient in scripts/search_arxiv.py and printed to the console. 2. Boundary markers: There are no delimiters or instructions used to warn the agent about untrusted content in the search results. 3. Capability inventory: The skill is configured with Bash, Read, and Write tools, which increases the potential impact of a successful injection. 4. Sanitization: No sanitization or escaping is performed on the abstracts or titles before they are passed to the agent context.
Audit Metadata