literature-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests and processes potentially attacker-controlled metadata from external research papers.
    • Ingestion points: Local files (bib, csv, json, jsonl) and external APIs (arXiv, Semantic Scholar).
    • Boundary markers: None are specified for the data ingested.
    • Capability inventory: The skill produces data intended for downstream LLM tasks such as 'drafting' and 'citation generation'.
    • Sanitization: There is no evidence of sanitization for retrieved abstracts or titles.
  • Data Exfiltration (LOW): The skill performs network operations to non-whitelisted domains. Specifically, it uses the r.jina.ai proxy service for literature retrieval. While functional for the skill's purpose, this involves routing traffic through an external third-party service. No sensitive file access or hardcoded credentials were detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:06 PM