paper-research-assistant
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted PDF files to extract metadata, creating a surface for indirect prompt injection.
  - Ingestion points: The `scripts/parse_paper.py` script extracts text, titles, and abstracts from user-provided PDF files or URLs.
  - Boundary markers: No boundary markers or protective instructions are used when the agent processes the extracted text or generated reports.
  - Capability inventory: The skill has significant filesystem capabilities, including directory creation (`pathlib.Path.mkdir`) and file writing via `scripts/scaffold_code.py` and `scripts/generate_report.py`.
  - Sanitization: Sanitization is insufficient. In `scripts/scaffold_code.py`, paper titles are used to construct directory and file paths with only basic character replacement (spaces and dashes), which does not prevent path traversal sequences (e.g., `../`).
- [COMMAND_EXECUTION]: The skill automates the creation of executable Python scripts (`train.py`, `model.py`) using templates that incorporate data from untrusted PDFs. While the skill does not execute these scripts automatically, it encourages the user to run code that has been partially influenced by untrusted external input.
Audit Metadata