format-citations

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads CSL style files from the official Citation Style Language GitHub repository, which is a trusted and well-known source for academic formatting styles.
  • [COMMAND_EXECUTION]: It uses system2 to execute Pandoc, and rmarkdown::render to compile documents. These are standard operations for generating academic citations and reports in an R environment.
  • [PROMPT_INJECTION]: Identified potential for indirect prompt injection (Category 8) due to the ingestion of user-controlled document and bibliography files.
      • Ingestion points: Processes user-provided .bib and .Rmd files as seen in SKILL.md.
      • Boundary markers: Absent; the skill lacks explicit delimiters to separate user data from instructions.
      • Capability inventory: Access to system2 for binary execution, rmarkdown::render for code execution within documents, and utils::download.file for network operations.
      • Sanitization: No sanitization or validation is performed on the input citation keys or bibliographic data before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 07:14 AM