arxiv

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to interact with official academic APIs (export.arxiv.org and api.semanticscholar.org). These are well-known, reputable services for research purposes.
  • [REMOTE_CODE_EXECUTION]: The automated security alerts for remote code execution are false positives. The identified patterns (e.g., curl ... | python3 -c "...") do not execute code from a remote URL. Instead, they fetch data from trusted APIs and use a locally provided Python string (via the -c flag) to parse the output. This is a standard and safe method for handling structured data like XML or JSON in shell-based environments.
  • [COMMAND_EXECUTION]: The skill uses standard CLI tools (curl, python3) and internal Python libraries (urllib, xml.etree.ElementTree) to perform its documented tasks. All command usage is transparent and aligns with the skill's stated purpose of academic research.
  • [DATA_EXFILTRATION]: No exfiltration risks were identified. All network requests are directed to official academic repository domains, and there is no evidence of the skill accessing sensitive local files or environment variables.
  • [PROMPT_INJECTION]: The instructions in SKILL.md are purely functional and do not contain any patterns intended to bypass agent safety filters or override system instructions.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes external data (titles and abstracts of academic papers), this is its core intended use case. The ingestion of data from established academic sources like ArXiv poses negligible risk of adversarial prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 07:01 PM
Security Audit — agent-trust-hub — arxiv