citation-manager

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation file PROJECT_COMPLETION_SUMMARY.md contains a Python script snippet that uses the exec() and compile() functions. This indicates the capability to execute code dynamically at runtime, although in this context it appears to be an artifact of an automated documentation generation process.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch bibliographic metadata from external services including api.crossref.org and openlibrary.org. While these are well-known and reputable academic resources, they represent a remote data source.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from external APIs and user-provided files (BibTeX, RIS, CSV) and formats this content into citation strings without sanitization.
      • Ingestion points: Metadata retrieval in academic_citation_skill.py and file parsing in batch_import.py.
      • Boundary markers: None; the citation strings are generated without delimiters or warnings to the agent to ignore instructions embedded in the metadata.
      • Capability inventory: The skill can perform network requests and write to the local file system (reference_database.json).
      • Sanitization: There is no evidence of filtering or escaping external content before it is processed and displayed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 01:02 AM