arxiv-watcher
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes untrusted data from external research paper abstracts.
  - Ingestion points: ArXiv API XML results are parsed for titles and summaries in SKILL.md.
  - Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the fetched paper content.
  - Capability inventory: The skill possesses the capability to execute a local shell script (scripts/search_arxiv.sh), perform network fetches (web_fetch), and write to the local file system (memory/RESEARCH_LOG.md).
  - Sanitization: No evidence of sanitization, filtering, or validation of the retrieved content is present before it is used by the agent or saved to the log.