literature-review

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to well-known academic API endpoints (api.semanticscholar.org, api.openalex.org, api.crossref.org, and eutils.ncbi.nlm.nih.gov). These are legitimate, trusted services for bibliographic data and do not constitute a security risk.
  • [CREDENTIALS_UNSAFE]: The skill correctly uses environment variables (SEMANTIC_SCHOLAR_API_KEY, OPENALEX_API_KEY) for authentication rather than hardcoding secrets. It also handles the USER_EMAIL variable for API identification following standard polite-access protocols.
  • [SAFE]: No evidence of prompt injection, obfuscation, or persistence mechanisms was found. The script logic is transparent and focuses on parsing JSON and XML data from academic sources.
  • [SAFE]: The skill ingests external content (abstracts), which is an indirect prompt injection surface. This is inherent to the function of a search tool and is handled through structured JSON output, posing minimal risk to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:37 AM