zotero-obsidian-bridge

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted metadata and fulltext from Zotero items, creating a surface for indirect prompt injection.
    • Ingestion points: WORKFLOW.md describes reading item metadata, fulltext, and annotations from Zotero.
    • Boundary markers: No specific delimiters or instructions to ignore embedded content are used when processing Zotero data.
    • Capability inventory: The skill allows the agent to create and update markdown files and canvas maps in the Obsidian vault.
    • Sanitization: No sanitization of external Zotero content is implemented before it is processed and written to notes.
  • [COMMAND_EXECUTION]: The skill uses a bundled Python script (verify_paper_notes.py) for schema validation. This script uses standard library modules and performs safe, read-only file system operations on the project directory.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 04:27 AM