Skills
skills/yipng05-max/-skills/foreign-literature-search/Gen Agent Trust Hub

foreign-literature-search

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to the OpenAlex API (api.openalex.org) to fetch academic metadata. OpenAlex is a well-known and reputable academic service.
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/openalex_search.py) and a dynamic Python code block to merge data.
  • Evidence: The skill uses pip install openpyxl to manage dependencies and executes the search script using shell commands.
  • Observation: The SKILL.md file contains hardcoded absolute paths (e.g., /Users/songyiping/...) derived from the developer's environment, which may need adjustment for other users.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to the processing of untrusted external content.
  • Ingestion points: Academic paper titles and abstracts are fetched from the OpenAlex API in scripts/openalex_search.py.
  • Boundary markers: There are no explicit boundary markers or instructions used to separate fetched data from agent instructions during processing.
  • Capability inventory: The skill has the capability to write to the file system (Excel output in ~/Downloads) and execute shell commands to open files.
  • Sanitization: The script decodes the OpenAlex inverted index into plain text but does not perform specific sanitization for malicious instructions embedded in the abstracts.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 11:41 AM