literature-review

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/literature_review.py executes sibling scripts such as scholar_search.py and arxiv_search.py via subprocess.run. This is used to leverage specialized search skills within the local environment.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection via academic metadata fetched from external sources.
  • Ingestion points: External data (paper titles, abstracts, TLDRs) from APIs such as OpenAlex and Semantic Scholar is written to candidates.json and shortlist.json in the session directory.
  • Boundary markers: The skill does not employ boundary markers or give the agent specific instructions to disregard instructions potentially embedded in the fetched paper data.
  • Capability inventory: The skill has capabilities for command execution (via subprocess) and local file system access (creating and writing to session directories).
  • Sanitization: Fetched metadata is saved and processed directly, without sanitization or escaping of its content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 02:46 AM