cli-hub-matrix-knowledge-research

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through its integration with various external data providers.
  • Ingestion points: Untrusted data is ingested from web searches, article scraping (via trafilatura and playwright), and external reference managers (Zotero, Semantic Scholar) in the SKILL.md file.
  • Boundary markers: No specific delimiters or "ignore instructions" prompts are utilized when the agent processes data from these external providers.
  • Capability inventory: The skill has extensive capabilities including executing shell commands (pandoc, qpdf, huggingface-cli, etc.), writing files (DOCX, PDF, PPTX), and interacting with various cloud APIs.
  • Sanitization: There is no evidence of sanitization or filtering applied to external content before it is passed to LLM models for synthesis or summarization.
  • [COMMAND_EXECUTION]: The skill utilizes many external CLI tools and native binaries (e.g., pandoc, qpdf, pdftk, exiftool, latexmk, hugo, mkdocs) to fulfill its capabilities as documented in the tool tables and preflight script.
  • [EXTERNAL_DOWNLOADS]: The skill relies on a vast ecosystem of third-party dependencies, including numerous Python packages and external CLI utilities, to perform its research and authoring tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 10:52 PM
Security Audit — agent-trust-hub — cli-hub-matrix-knowledge-research