Skills
skills/ar9av/paperorchestra/literature-review-agent/Gen Agent Trust Hub

literature-review-agent

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches academic paper metadata and abstracts from the well-known Semantic Scholar API (api.semanticscholar.org) and optionally from the Exa search API (api.exa.ai). These are established services used for research data retrieval.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted paper titles and abstracts from external sources and incorporates them into prompts for drafting technical text. This is an inherent risk factor for research agents that process external literature. No active injection patterns were detected.
  • Ingestion points: Paper abstracts and titles fetched via scripts/s2_search.py and web search, stored in workspace/citation_pool.json and processed by the host agent.
  • Boundary markers: Not explicitly used to isolate external content in the writing prompt.
  • Capability inventory: The skill writes to the filesystem (workspace/drafts/intro_relwork.tex) and executes bundled Python scripts for data processing.
  • Sanitization: The skill relies on the LLM's internal safety filters as no explicit sanitization is performed on the fetched text.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 02:00 PM