pp-arxiv
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `arxiv-pp-cli` tool. It provides instructions to download this software using `npx` from `@mvanhorn/printing-press` or `go install` from the `mvanhorn/printing-press-library` GitHub repository.
- [DATA_EXFILTRATION]: The CLI tool supports a `--deliver` parameter that allows routing command output to an external URL via the `webhook:<url>` sink. It also includes a `feedback` command which, if configured with the `ARXIV_FEEDBACK_ENDPOINT` environment variable, can transmit data to a remote server.
- [COMMAND_EXECUTION]: The skill operates by executing the `arxiv-pp-cli` binary with various arguments to perform searches and manage data.
- [PROMPT_INJECTION]: As the skill fetches and processes abstracts and metadata from the public arXiv API, it is susceptible to indirect prompt injection, where an attacker could embed instructions within a paper's text to influence the agent's behavior.
- Ingestion points: Data enters the agent via the `query` command, which fetches content from arxiv.org (SKILL.md).
- Boundary markers: The skill uses the `--agent` flag to produce structured JSON output, which helps delineate data from instructions.
- Capability inventory: The agent can execute shell commands via `arxiv-pp-cli` and potentially other tools if allowed (SKILL.md).
- Sanitization: The output is formatted as JSON, but the skill does not explicitly describe sanitization of the textual content of the research papers.
Audit Metadata