google-scholar

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the scholar command-line tool, which is expected to be installed at ~/.local/bin/scholar. This tool handles all interactions with the Google Scholar service.
  • [EXTERNAL_DOWNLOADS]: The skill provides functionality to download academic papers from the web using the scholar download command or the --download flag, intended for open-access content.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection.
      • Ingestion points: Metadata (titles, abstracts) returned from the Google Scholar CLI and the domain-knowledge.local.md file.
      • Boundary markers: The skill does not explicitly define delimiters for untrusted data in its instructions.
      • Capability inventory: The agent can execute system commands via the scholar CLI and perform file system operations.
      • Sanitization: There is no explicit sanitization step for the content fetched from the web before it is integrated into the agent's output.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 02:35 AM