research-plan
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates good security awareness by implementing path validation and symbolic link protection in
scripts/initialize.pyto prevent path traversal attacks. - [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves extracting information from external PDFs, which constitutes an indirect prompt injection surface.
- Ingestion points: PDF content extracted into
extracted/papers_info.json(as described inSKILL.md). - Boundary markers: No specific delimiters or "ignore instructions" warnings are provided in the prompts when processing the extracted paper data.
- Capability inventory: File system write access, planned network requests to research APIs.
- Sanitization: The
scripts/bibtex.pyandscripts/utils.pyfiles implement basic sanitization for LaTeX output and file naming. - [EXTERNAL_DOWNLOADS]: The configuration and instructions reference interactions with established research services including PubMed, arXiv, Semantic Scholar, and Unpaywall for文献检索 and PDF retrieval. These are well-known research services and technology platforms.
- [COMMAND_EXECUTION]: The skill includes instructions to use the
gh(GitHub CLI) tool for reporting bugs to a repository associated with the author (huangwb8/bensz-bugs), which relies on the user's local authentication.
Audit Metadata