research
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
findcommand to dynamically locate and execute local bash scripts (exa.sh,firecrawl.sh,alphaxiv.sh) within standard skill installation directories (~/.claude/skills or ~/.agents/skills). - [EXTERNAL_DOWNLOADS]: The helper script
scripts/alphaxiv.shperforms network requests usingcurlto retrieve academic paper summaries and abstracts from the AlphaXiv web service. - [PROMPT_INJECTION]: The instructions direct the agent to operate with high autonomy, specifically advising it not to stop for user permission between automated search steps. Additionally, the skill establishes a data ingestion surface by processing content from web searches and research papers, which is a potential vector for indirect prompt injection where external documents could attempt to influence agent behavior.
Audit Metadata