cli-hub-matrix-knowledge-research
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through its integration with various external data providers.
- Ingestion points: Untrusted data is ingested from web searches, article scraping (via trafilatura and playwright), and external reference managers (Zotero, Semantic Scholar) in the
SKILL.mdfile. - Boundary markers: No specific delimiters or "ignore instructions" prompts are utilized when the agent processes data from these external providers.
- Capability inventory: The skill has extensive capabilities including executing shell commands (pandoc, qpdf, huggingface-cli, etc.), writing files (DOCX, PDF, PPTX), and interacting with various cloud APIs.
- Sanitization: There is no evidence of sanitization or filtering applied to external content before it is passed to LLM models for synthesis or summarization.
- [COMMAND_EXECUTION]: The skill utilizes many external CLI tools and native binaries (e.g.,
pandoc,qpdf,pdftk,exiftool,latexmk,hugo,mkdocs) to fulfill its capabilities as documented in the tool tables and preflight script. - [EXTERNAL_DOWNLOADS]: The skill relies on a vast ecosystem of third-party dependencies, including numerous Python packages and external CLI utilities, to perform its research and authoring tasks.
Audit Metadata