zergscholar

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches paper metadata and PDF documents from Arxiv's public API and the vendor's ZergScholar platform. These connections are necessary for the skill's synchronization features and target established, trusted research services.
  • [REMOTE_CODE_EXECUTION]: Uses dynamic module loading (via __import__) for the standard re library to handle regex-based parsing. This is a legitimate implementation for text processing and does not pose a security risk as it is restricted to standard library modules.
  • [PROMPT_INJECTION]: The skill processes research summaries and papers from external APIs. This creates a theoretical surface for indirect prompt injection via malicious paper content, which is an inherent and expected risk factor for research-ingestion tools handled without escalating the verdict.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:05 PM
Security Audit — agent-trust-hub — zergscholar