manage-bibliography

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation suggests the use of sudo apt install to acquire system dependencies, which constitutes a privilege escalation risk.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated installation of R packages (RefManageR, bibtex, stringdist) and fetches bibliographic metadata from external APIs via DOI identifiers.
  • [PROMPT_INJECTION]: The skill processes untrusted bibliographic data from .bib files, creating a surface for indirect prompt injection. Ingestion points: Reading files via RefManageR::ReadBib in SKILL.md. Boundary markers: Absent. Capability inventory: File system write access and external package installation. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 18, 2026, 07:14 AM