zergscholar
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches paper metadata and PDF documents from Arxiv's public API and the vendor's ZergScholar platform. These connections are necessary for the skill's synchronization features and target established, trusted research services.
- [REMOTE_CODE_EXECUTION]: Uses dynamic module loading (via
__import__) for the standardrelibrary to handle regex-based parsing. This is a legitimate implementation for text processing and does not pose a security risk as it is restricted to standard library modules. - [PROMPT_INJECTION]: The skill processes research summaries and papers from external APIs. This creates a theoretical surface for indirect prompt injection via malicious paper content, which is an inherent and expected risk factor for research-ingestion tools handled without escalating the verdict.
Audit Metadata