literature-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to retrieve academic metadata and abstracts from export.arxiv.org and api.semanticscholar.org.
  - It utilizes the r.jina.ai proxy service to facilitate stable network connectivity in restricted environments.
  - All network interactions target well-known academic repositories or utility services for the primary purpose of literature retrieval.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted content from the web.
  - Ingestion points: Data is ingested through external API calls to ArXiv and Semantic Scholar, as well as local file imports (BibTeX, CSV, JSON) via scripts/run.py.
  - Boundary markers: The skill writes the collected metadata directly to papers/papers_raw.jsonl without applying boundary delimiters or adding warnings to ignore embedded instructions.
  - Capability inventory: The skill has the capability to perform network GET requests and write to the local filesystem.
  - Sanitization: Paper abstracts and titles are normalized for formatting but are not sanitized or filtered for potential prompt injection strings that could influence subsequent agent processing steps.
Audit Metadata