literature-reviewer-skill
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust academic workflow and no malicious patterns or behaviors were detected during the analysis.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core functionality of scraping and processing external academic paper abstracts and titles. This is a functional requirement for its task.
- Ingestion points: Metadata is scraped from external academic databases like CNKI and Web of Science during Phase 2 and processed in subsequent synthesis phases.
- Boundary markers: The prompts in Phase 1 and across Phase 8 use XML-style tags to isolate research topics and collected literature from instructions.
- Capability inventory: The skill utilizes browser tools for scraping and writes resulting review documents to a local session directory.
- Sanitization: Content is processed by the agent in structured phases, which limits the potential impact of adversarial content embedded in the scraped scholarly data.
- [COMMAND_EXECUTION]: The skill uses
browser_evaluateto execute specific JavaScript snippets for metadata extraction from academic sites. This activity is restricted to the target scholarly domains and represents a standard scraping technique. - [EXTERNAL_DOWNLOADS]: The documentation provides links to its source code on GitHub and directs the agent to interact with reputable scholarly databases like PubMed and ScienceDirect, which are considered functional and trusted sources.
Audit Metadata