research-wiki
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by fetching paper metadata and content from external research databases (arXiv, DBLP, Semantic Scholar). This untrusted data is stored and later used as context in `query_pack.md` for other workflows.
  - Ingestion points: External research databases via `WebFetch`.
  - Boundary markers: Absent; no explicit delimiters or instructions to ignore embedded commands are specified for the ingested content.
  - Capability inventory: `Bash(*)`, `Read`, `Write`, `Edit`, and `Agent` tools are available to the skill.
  - Sanitization: Absent; the instructions do not specify any validation or sanitization of the fetched external content.
- [COMMAND_EXECUTION]: The skill utilizes the `Bash(*)` tool and accepts user-supplied subcommands through the `$ARGUMENTS` variable, a pattern that relies on platform-level input sanitization.
- [EXTERNAL_DOWNLOADS]: The skill fetches research paper metadata from well-known academic services (arXiv, DBLP, and Semantic Scholar), which is consistent with its intended research-oriented purpose.
Audit Metadata