literature-mentor
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests and processes untrusted external data from academic papers (via Zotero MCP and web fetching). This creates an inherent surface for indirect prompt injection, where an attacker could embed malicious instructions within a paper to influence the agent.
- Ingestion points:
zotero_get_item_fulltextandweb_fetchinSKILL.md. - Boundary markers: The skill implements a structured 'reading-protocol' and 'figure-reading' framework to maintain context and evidence-based analysis.
- Capability inventory: Read-only access to Zotero metadata/fulltext and web search/fetch tools.
- Sanitization: No explicit programmatic sanitization is defined, though the skill mandates 'four-level honest labeling' to distinguish evidence from inference.
- [SAFE]: No obfuscation, dynamic code generation, or persistence mechanisms were found. All network operations target well-known academic services (arXiv, DOI providers) to retrieve documents as per the skill's primary function.
Audit Metadata