citation-management

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate_schematic.py utilizes subprocess.run to invoke a secondary local script, scripts/generate_schematic_ai.py. This is part of the intended functionality to generate scientific diagrams using an external AI service.
  • [EXTERNAL_DOWNLOADS]: Multiple scripts (search_google_scholar.py, search_pubmed.py, extract_metadata.py, doi_to_bibtex.py, validate_citations.py) make HTTP requests to reputable academic and infrastructure services, including CrossRef (api.crossref.org), NCBI (eutils.ncbi.nlm.nih.gov), arXiv (export.arxiv.org), and DOI resolvers (doi.org). These are legitimate operations for metadata retrieval.
  • [EXTERNAL_DOWNLOADS]: The diagram generation functionality in scripts/generate_schematic_ai.py communicates with the OpenRouter API (openrouter.ai). This requires an API key provided by the user via environment variables or a .env file, which follows standard security practices for secret management.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 11:16 AM
Security Audit — agent-trust-hub — citation-management