arxiv-search

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: Fetches research metadata from the official and well-known arXiv API (export.arxiv.org).
  • [COMMAND_EXECUTION]: Uses local bash scripts to wrap Python functionality for searching and summarizing papers.
  • [SAFE]: The summarization tool writes Markdown files to a user-specified directory, using regex-based sanitization to ensure safe filename generation from arXiv IDs.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted metadata (titles, abstracts) from the arXiv API.
  • Ingestion points: Data enters the context via the arXiv Atom API response in scripts/search.py.
  • Boundary markers: Extracted metadata is placed into Markdown files (scripts/summarize.py) within standard sections like ## Abstract but lacks explicit instructions for downstream agents to ignore embedded commands.
  • Capability inventory: The skill performs network requests using urllib.request and local file writes using pathlib.
  • Sanitization: While filenames are sanitized to prevent path traversal, the content of the abstracts is not sanitized or escaped for potential instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 12, 2026, 02:58 AM