arxiv-watcher
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a shell script (scripts/search_arxiv.sh) to query the ArXiv API. While the query is sent to a trusted domain, the input variable $QUERY is not sanitized, which could lead to URL injection or unexpected behavior if the input contains shell-sensitive characters.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from export.arxiv.org using curl. ArXiv is a well-known research repository, so the domain itself is trusted and the fetch is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it retrieves abstracts and titles from ArXiv which are then processed by the agent. If an attacker-controlled paper summary contains malicious instructions, the agent could potentially follow them.
- Ingestion points: XML results from ArXiv API (scripts/search_arxiv.sh).
- Boundary markers: Absent.
- Capability inventory: Shell script execution (scripts/search_arxiv.sh), network fetching (web_fetch), and file writing (memory/RESEARCH_LOG.md).
- Sanitization: Absent.