verify-refs
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with well-known, authoritative scientific services including
api.crossref.organdeutils.ncbi.nlm.nih.gov(PubMed) to verify citation metadata. These operations are standard for the skill's stated purpose of preventing reference hallucinations. - [COMMAND_EXECUTION]: The skill executes local Python (
verify_refs.py) and Bash (verify_cli.sh) scripts bundled with the skill. These scripts perform deterministic processing of manuscript files and generate an audit report. No unauthorized system commands or privilege escalation attempts were detected. - [DATA_EXFILTRATION]: The skill extracts DOI and PMID identifiers from user-provided manuscripts and transmits them to the aforementioned verification APIs. No sensitive user data, environment variables, or system credentials are accessed or transmitted.
- [SAFE]: The skill follows security best practices by using deterministic scripts for data verification rather than relying on generative model memory, which effectively mitigates risks of hallucination during the audit process.
Audit Metadata