scholar-sidekick-api

Pass

Audited by Gen Agent Trust Hub on Jul 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to perform network requests to https://scholar-sidekick.com/api/* for citation resolution and verification services. This is consistent with the skill's stated purpose of interacting with a REST API.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions an optional MCP server component that can be executed using npx -y scholar-sidekick-mcp@latest. This refers to a vendor-published package used for extending the skill's capabilities in supported environments.
  • [PROMPT_INJECTION]: The skill processes external scholarly identifiers and publication titles provided by users to perform lookups. While this constitutes an indirect injection surface, the risk is mitigated by the structured nature of the API requests and the specialized research use case.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 14, 2026, 06:24 PM
Security Audit — agent-trust-hub — scholar-sidekick-api