literature-review

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SKILL.md file contains instructions to install a mandatory dependency using curl -fsSL https://parallel.ai/install.sh | bash. Piped remote script execution is an insecure pattern that allows an untrusted third-party server to execute arbitrary code on the user's system.
  • [COMMAND_EXECUTION]: Multiple scripts within the skill (generate_pdf.py, generate_schematic.py) use the subprocess module to run external binaries such as pandoc and xelatex, or to trigger secondary Python scripts. This creates a significant local command execution surface.
  • [EXTERNAL_DOWNLOADS]: The skill performs extensive network operations across several files. It fetches academic metadata from doi.org and api.crossref.org in verify_citations.py, and communicates with openrouter.ai in generate_schematic_ai.py to generate images. These interactions involve external data exchange with non-whitelisted domains.
Recommendations
  • HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 16, 2026, 10:49 PM
Security Audit — agent-trust-hub — literature-review