pyzotero
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
pyzoteropackage and its CLI components from standard, well-known registries like PyPI. - [CREDENTIALS_UNSAFE]: The documentation includes placeholder credentials (e.g., 'ABC1234XYZ') for instructional purposes and correctly advises users to manage sensitive API keys via environment variables or .env files.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external bibliographic libraries, including item titles, notes, and full-text PDF content, which constitutes a surface for indirect prompt injection.
- Ingestion points: Data enters the context via
zot.items(),zot.everything(), andzot.fulltext_item()as described inreferences/read-api.mdandreferences/full-text.md. - Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands in the retrieved bibliographic data.
- Capability inventory: The skill has access to powerful tools including
Bash,Write, andEditas specified inSKILL.md. - Sanitization: There is no mention of sanitization, escaping, or validation of the content retrieved from the Zotero API before it is processed by the agent.
Audit Metadata