paper-workbench
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/normalize_paper.py uses importlib.util to dynamically load scripts/xray_io.py from a file path constructed at runtime. Additionally, the test suite utilizes subprocess.run to execute Python scripts for verification purposes.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and summarizes content from external academic sources such as arXiv, DOI links, and web-hosted PDFs.
  - Ingestion points: Academic paper content is retrieved via web requests or local file reads within normalize_paper.py.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the processed paper content as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill has access to shell execution (Bash), network requests (WebFetch), and file system modification (Write).
  - Sanitization: While basic text normalization and unescaping are performed, no specialized sanitization is implemented to mitigate adversarial instructions embedded within the processed documents.
- [EXTERNAL_DOWNLOADS]: The skill fetches academic metadata and document full-text from well-known academic services including Crossref, AlphaXiv, and arXiv.
Audit Metadata