ArXiv
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches academic paper metadata and AI-generated overviews from arXiv's Atom API and AlphaXiv's markdown endpoint.
- [COMMAND_EXECUTION]: Uses
curlto perform network requests andechoto append metadata to a local log file. The logging command uses shell-based string concatenation for JSON assembly. - [PROMPT_INJECTION]: Processes abstracts and summaries from external sources, presenting an indirect prompt injection surface.
- Ingestion points: Metadata from
export.arxiv.organd summaries fromalphaxiv.orgacross all workflows. - Boundary markers: Absent; content is formatted as standard markdown.
- Capability inventory: Network requests via
curland local file writes viaecho. - Sanitization: Not explicitly performed; the skill relies on the content being research-focused.
- [SAFE]: The skill's activities are consistent with its purpose of academic research. All network traffic is directed at well-known academic services.
Audit Metadata