arxiv-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted third-party data that could contain malicious instructions.
  - Ingestion points: Full article text and metadata are ingested via the `results[].content` field from the Valyu/arXiv API.
  - Boundary markers: None identified in the provided documentation to distinguish between system instructions and paper content.
  - Capability inventory: The agent has the ability to execute shell commands via the `scripts/search` wrapper.
  - Sanitization: No evidence of sanitization or filtering of the retrieved arXiv content before it is processed by the agent.
- [Credentials Unsafe] (LOW): The `scripts/search setup <api-key>` command requires the user to provide their API key as a command-line argument. This is a security anti-pattern, as arguments can be logged in shell history files (e.g., `.bash_history`) or be visible in process listings.
- [Command Execution] (LOW): The skill relies on executing local scripts (`scripts/search`) with user-provided natural language queries. While expected for this skill's functionality, it requires the underlying Node.js and Bash scripts to properly sanitize input to prevent command injection.
Audit Metadata