paperzilla
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Paperzilla CLI tool using official package managers like Homebrew and Scoop, or by building from the official GitHub repository. These download sources are associated with the vendor's official presence.
- [COMMAND_EXECUTION]: The skill documents the use of the
pzcommand-line utility for various tasks including authentication (pz login), project management, and data retrieval. These commands are necessary for the skill's stated purpose of interacting with the Paperzilla service. - [PROMPT_INJECTION]: The skill processes external research data and project feeds which constitutes an indirect prompt injection surface. However, this is a standard risk for information retrieval skills and the use of official vendor tools minimizes the threat context.
Audit Metadata