arxiv-search
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation instructs the agent to execute local scripts (`scripts/search` and `scripts/search.mjs`) to interact with the search service. It also provides a method to locate these scripts within the environment's plugin cache directory (`~/.claude/plugins/cache`) using the `find` command.
- [PROMPT_INJECTION]: The skill processes external data from arXiv papers, which represents a potential surface for indirect prompt injection if papers contain instructions designed to influence the agent's behavior.
  - Ingestion points: The `content` field within search results, which includes full-text article data.
  - Boundary markers: The documentation does not specify the use of delimiters or warnings to prevent the agent from obeying instructions found within the paper content.
  - Capability inventory: The skill provides the agent with the ability to execute local scripts and shell commands to perform searches and configuration.
  - Sanitization: There is no mention of sanitization or filtering applied to the retrieved paper content before it is processed by the agent.
Audit Metadata