research-plan

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill demonstrates good security awareness by implementing path validation and symbolic link protection in scripts/initialize.py to prevent path traversal attacks.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves extracting information from external PDFs, which constitutes an indirect prompt injection surface.
  • Ingestion points: PDF content extracted into extracted/papers_info.json (as described in SKILL.md).
  • Boundary markers: No specific delimiters or "ignore instructions" warnings are provided in the prompts when processing the extracted paper data.
  • Capability inventory: File system write access, planned network requests to research APIs.
  • Sanitization: The scripts/bibtex.py and scripts/utils.py files implement basic sanitization for LaTeX output and file naming.
  • [EXTERNAL_DOWNLOADS]: The configuration and instructions reference interactions with established research services including PubMed, arXiv, Semantic Scholar, and Unpaywall for文献检索 and PDF retrieval. These are well-known research services and technology platforms.
  • [COMMAND_EXECUTION]: The skill includes instructions to use the gh (GitHub CLI) tool for reporting bugs to a repository associated with the author (huangwb8/bensz-bugs), which relies on the user's local authentication.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:22 PM
Security Audit — agent-trust-hub — research-plan