academic-research
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests access to the
Bashtool to manage files, perform research tasks, and execute shell-based installation commands. - [EXTERNAL_DOWNLOADS]: Fetches citation metadata and research content from well-known academic services, including Semantic Scholar, OpenAlex, and Crossref.
- [DATA_EXFILTRATION]: Contains a 'cross-model verification' feature (Stage 7 of the academic pipeline) that sends research findings to external, user-configured OpenAI-compatible API endpoints.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted external data such as research papers, URLs, and reviewer comments.
- Ingestion points: The
academic-paper-reviewermode (accepts PDFs, URLs, and text),deep-research(processes paper sets), and the generalacademic-pipeline(ingests external documents). - Boundary markers: The provided instructions do not define specific delimiters or instructions for the agent to ignore potentially malicious embedded commands within external documents.
- Capability inventory: The agent has access to
Bash(shell execution),Write/Edit(file modification), andWebFetch(network requests). - Sanitization: The skill implements 'Integrity Gates' and a 'Material Passport' system designed to verify citations and audit claims against source provenance, which serves as a security control for data integrity.
Audit Metadata