pp-arxiv

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the arxiv-pp-cli tool. It provides instructions to download this software using npx from @mvanhorn/printing-press or go install from the mvanhorn/printing-press-library GitHub repository.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver parameter that allows routing command output to an external URL via the webhook:<url> sink. It also includes a feedback command which, if configured with the ARXIV_FEEDBACK_ENDPOINT environment variable, can transmit data to a remote server.
  • [COMMAND_EXECUTION]: The skill operates by executing the arxiv-pp-cli binary with various arguments to perform searches and manage data.
  • [PROMPT_INJECTION]: As the skill fetches and processes abstracts and metadata from the public arXiv API, it is susceptible to indirect prompt injection where an attacker could embed instructions within a paper's text to influence the agent's behavior.
  • Ingestion points: Data enters the agent via the query command which fetches content from arxiv.org (SKILL.md).
  • Boundary markers: The skill uses the --agent flag to produce structured JSON output, which helps delineate data from instructions.
  • Capability inventory: The agent can execute shell commands via the arxiv-pp-cli and potentially other tools if allowed (SKILL.md).
  • Sanitization: The output is formatted as JSON, but the skill does not explicitly describe sanitization of the textual content of the research papers.
Audit Metadata
Risk Level: SAFE
Analyzed: May 28, 2026, 03:08 AM
Security Audit — agent-trust-hub — pp-arxiv