citation-management
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves bibliographic metadata and resolves scholarly identifiers from authoritative and well-known academic services.
  - Fetches publication metadata using the CrossRef API (api.crossref.org).
  - Resolves Digital Object Identifiers (DOIs) via the official doi.org service.
  - Retrieves biomedical citations from the NCBI PubMed E-utilities (eutils.ncbi.nlm.nih.gov).
  - Accesses preprint metadata through the arXiv API (export.arxiv.org).
- [COMMAND_EXECUTION]: Provides several Python scripts to automate search, extraction, and formatting tasks, which are executed using the agent's system capabilities.
  - `scripts/search_google_scholar.py` and `scripts/search_pubmed.py`: Automate literature discovery across academic databases.
  - `scripts/extract_metadata.py`: Programmatically resolves identifiers into structured metadata.
  - `scripts/validate_citations.py` and `scripts/format_bibtex.py`: Maintain the integrity and consistency of bibliography files.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its reliance on external bibliographic data.
  - Ingestion points: Untrusted data such as paper titles and abstracts enter the agent's context through external API responses in `scripts/extract_metadata.py` and `scripts/search_pubmed.py`.
  - Boundary markers: Bibliographic data is structured with BibTeX braces during processing, although the instructions do not explicitly warn the agent to ignore potential instructions embedded within the metadata.
  - Capability inventory: The skill utilizes `Read`, `Write`, `Edit`, and `Bash` tools to manage files and execute automation scripts.
  - Sanitization: Scripts perform standard string cleanup for formatting purposes but do not implement specific security sanitization to neutralize adversarial natural language instructions in retrieved paper descriptions.