research-lit
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests broad shell access via the Bash(*) permission, which allows the agent to execute arbitrary commands. This capability significantly increases the potential impact of other vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill retrieves academic content from external well-known services like arXiv and Semantic Scholar using the WebFetch and WebSearch tools.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its processing of untrusted data.
  1. Ingestion points: External papers via WebFetch, local PDFs via Read, and personal notes via mcp__obsidian-vault__.
  2. Boundary markers: The skill does not define delimiters or specific instructions to prevent the agent from following commands embedded within analyzed documents.
  3. Capability inventory: Access to high-privilege tools including Bash(*), Write, Read, Glob, Grep, and Agent.
  4. Sanitization: No evidence of validation or filtering for extracted text content before it is processed by the AI.
Audit Metadata