academic-research

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests access to the Bash tool to manage files, perform research tasks, and execute shell-based installation commands.
  • [EXTERNAL_DOWNLOADS]: Fetches citation metadata and research content from well-known academic services, including Semantic Scholar, OpenAlex, and Crossref.
  • [DATA_EXFILTRATION]: Contains a 'cross-model verification' feature (Stage 7 of the academic pipeline) that sends research findings to external, user-configured OpenAI-compatible API endpoints.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted external data such as research papers, URLs, and reviewer comments.
  • Ingestion points: The academic-paper-reviewer mode (accepts PDFs, URLs, and text), deep-research (processes paper sets), and the general academic-pipeline (ingests external documents).
  • Boundary markers: The provided instructions do not define specific delimiters or instructions for the agent to ignore potentially malicious embedded commands within external documents.
  • Capability inventory: The agent has access to Bash (shell execution), Write/Edit (file modification), and WebFetch (network requests).
  • Sanitization: The skill implements 'Integrity Gates' and a 'Material Passport' system designed to verify citations and audit claims against source provenance, which serves as a security control for data integrity.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 05:45 AM
Security Audit — agent-trust-hub — academic-research