papers
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns were detected. The skill utilizes established academic APIs (arXiv, Semantic Scholar, PubMed) and focuses on document analysis for research purposes, which is consistent with its stated intent.
- [PROMPT_INJECTION]: The skill processes untrusted external PDF content, which represents a surface for indirect prompt injection. This risk is inherent to the skill's primary purpose of parsing third-party research documents and is generally managed by the underlying model's safety guardrails.
- Ingestion points: External PDFs are fetched from sources including arXiv, Semantic Scholar, Unpaywall, CORE, and PubMed as defined in SKILL.md.
- Boundary markers: Absent; the instructions do not define explicit delimiters or instructions for the agent to disregard commands embedded within the fetched document text.
- Capability inventory: The skill uses the leyline:document-conversion protocol and extraction targets to convert PDFs to markdown and summarize findings.
- Sanitization: Absent; the skill does not specify any validation or sanitization steps for the data extracted from the external documents.
Audit Metadata