reference-organizer
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to build and run shell commands using user-supplied parameters like arXiv IDs and formatting choices. This pattern is vulnerable to argument injection if the agent does not strictly validate or escape the provided input.
- [PROMPT_INJECTION]: The skill ingests untrusted data from academic databases and external web pages, creating a surface for indirect prompt injection. 1. Ingestion points: Metadata strings fetched via the arXiv and Crossref APIs. 2. Boundary markers: The instructions do not define boundary markers to isolate external data from agent instructions. 3. Capability inventory: Subprocess execution and web tool usage. 4. Sanitization: No evidence of sanitization or filtering for the retrieved metadata.
- [EXTERNAL_DOWNLOADS]: The skill's scripts perform network requests to established academic services, including arXiv.org and Crossref.org, to facilitate its primary function.
Audit Metadata