zot-skills

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill translates user requests into shell commands using the zot CLI tool and cargo run -q -p zot-cli for local library management. This involves system-level interaction with local databases and external Zotero APIs to perform search and write operations.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it retrieves and processes untrusted data from an external source.
    • Ingestion points: The agent fetches metadata, notes, and PDF content directly from the Zotero database (SKILL.md).
    • Boundary markers: No specific delimiters or guardrails are provided to isolate content retrieved from Zotero from the agent's instructions.
    • Capability inventory: The agent has shell execution and network access capabilities via the zot CLI tool and cargo runner.
    • Sanitization: The instructions do not define any sanitization or validation protocols for the data ingested from Zotero before it is processed by the model.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 21, 2026, 01:16 PM