arxiv
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'arxiv' Python library. This is a well-known, public library for interacting with the official arXiv API and is considered a safe dependency.
- [COMMAND_EXECUTION]: The skill executes a local helper script at 'scripts/search.py' to process search queries. The script uses standard argument parsing to handle user input and does not employ unsafe shell execution or dynamic code evaluation.
- [PROMPT_INJECTION]: The skill processes untrusted external data (paper abstracts) from the arXiv repository. This creates a surface for indirect prompt injection where a maliciously crafted abstract could attempt to influence the agent's summarization. However, the skill lacks high-risk capabilities (like network exfiltration or system modification) that would make this surface critical.