scholar-sidekick-api
Pass
Audited by Gen Agent Trust Hub on Jul 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto perform network requests tohttps://scholar-sidekick.com/api/*for citation resolution and verification services. This is consistent with the skill's stated purpose of interacting with a REST API. - [EXTERNAL_DOWNLOADS]: The documentation mentions an optional MCP server component that can be executed using
npx -y scholar-sidekick-mcp@latest. This refers to a vendor-published package used for extending the skill's capabilities in supported environments. - [PROMPT_INJECTION]: The skill processes external scholarly identifiers and publication titles provided by users to perform lookups. While this constitutes an indirect injection surface, the risk is mitigated by the structured nature of the API requests and the specialized research use case.
Audit Metadata