Skills
skills/bighardperson/computer-science-skills-collection/arxiv-watcher/Gen Agent Trust Hub

arxiv-watcher

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content (titles and abstracts) from ArXiv research papers.
  • Ingestion points: XML response data retrieved by scripts/search_arxiv.sh from the ArXiv API.
  • Boundary markers: Absent. The instructions do not provide delimiters or safety warnings to prevent the agent from following instructions embedded in paper data.
  • Capability inventory: The agent can execute shell commands (scripts/search_arxiv.sh), write to the local filesystem (memory/RESEARCH_LOG.md), and perform arbitrary web requests (web_fetch).
  • Sanitization: None. The content is parsed and displayed to the user or logged to memory without validation or escaping.
  • [COMMAND_EXECUTION]: The skill executes a local shell script (scripts/search_arxiv.sh) to interact with the ArXiv API. While the script itself is a simple wrapper, it constitutes an execution surface.
  • [EXTERNAL_DOWNLOADS]: Fetches research metadata from the ArXiv official API (export.arxiv.org). This is a well-known and reputable scientific service.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 10:48 AM
Security Audit — agent-trust-hub — arxiv-watcher