check-open-access
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to make network requests to
scholar-sidekick.comto resolve document identifiers and retrieve full-text locations. This external communication is integral to the skill's utility and targets a specific functional domain. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data from an external source.
- Ingestion points: Untrusted data including publication titles, versions, and license strings are retrieved from the
scholar-sidekick.comAPI as documented inSKILL.md. - Boundary markers: The instructions do not define boundary markers or explicit safety prompts to prevent the agent from following instructions potentially embedded in the retrieved scholarly metadata.
- Capability inventory: Although the skill primarily retrieves information, the executing agent may have access to other tools (subprocess execution, file system) that could be targeted by a malicious payload in the metadata.
- Sanitization: There is no mention of sanitization, validation, or escaping logic for the retrieved JSON values before they are used in subsequent agent turns.
Audit Metadata