check-open-access

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to make network requests to scholar-sidekick.com to resolve document identifiers and retrieve full-text locations. This external communication is integral to the skill's utility and targets a specific functional domain.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data from an external source.
  • Ingestion points: Untrusted data including publication titles, versions, and license strings are retrieved from the scholar-sidekick.com API as documented in SKILL.md.
  • Boundary markers: The instructions do not define boundary markers or explicit safety prompts to prevent the agent from following instructions potentially embedded in the retrieved scholarly metadata.
  • Capability inventory: Although the skill primarily retrieves information, the executing agent may have access to other tools (subprocess execution, file system) that could be targeted by a malicious payload in the metadata.
  • Sanitization: There is no mention of sanitization, validation, or escaping logic for the retrieved JSON values before they are used in subsequent agent turns.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 08:13 AM
Security Audit — agent-trust-hub — check-open-access