semantic-scholar-deep
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses environment variables (SEMANTIC_SCHOLAR_API_KEY) for authentication rather than hardcoded credentials, adhering to security best practices for secret management.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official Semantic Scholar API (api.semanticscholar.org) and suggests the use of the Exa MCP service for paper discovery. These are well-known technical and academic services.
- [PROMPT_INJECTION]: The bundled subagent (deep-paper-researcher.md) includes specific instructions to prioritize the user's verbatim request over potentially misinterpreted date windows or paraphrasing introduced by a calling agent, serving as a defensive measure in multi-agent workflows.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external academic literature (abstracts and snippets).
  - Ingestion points: Data is fetched from the Semantic Scholar API and Exa MCP results.
  - Boundary markers: The subagent instructions do not explicitly define delimiters for external paper content.
  - Capability inventory: The agent can execute local Python scripts and perform file read/write operations to manage research results.
  - Sanitization: The skill distills and summarizes technical content; no explicit escaping of paper metadata is performed in the scripts.
- [COMMAND_EXECUTION]: The skill executes locally provided Python scripts (ss_client.py, citation_graph.py) to perform structured research and graph traversal.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration was detected. The skill transmits only necessary search parameters to designated research APIs and follows 'token hygiene' practices by storing large results in local files.
Audit Metadata