ljg-paper
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious obfuscation, credential theft, or unauthorized remote code execution was detected. The skill follows standard operational patterns for a documentation and research tool.
- [DATA_EXPOSURE]: The skill instructions direct the agent to read and write files within the
~/Documents/notes/directory. This is consistent with the stated purpose of managing a personal knowledge base and is considered safe within the intended context of a note-taking extension. - [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests untrusted data from external URLs (Arxiv) and PDF files.
- Ingestion points: External Arxiv HTML/PDF content and local files processed via
WebFetchandReadtools. - Boundary markers: Absent; there are no specific instructions to the agent to ignore instructions embedded within the paper text.
- Capability inventory: The agent can write to the local file system and perform web requests (
WebFetch,WebSearch). - Sanitization: No explicit sanitization or validation of the ingested paper content is mentioned in the instructions.
Audit Metadata