Skills
skills/pjt222/development-guides/validate-references/Gen Agent Trust Hub

validate-references

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs R dependencies (RefManageR, httr2, curl) from the CRAN registry during initialization if they are not detected.
  • [EXTERNAL_DOWNLOADS]: The script connects to the CrossRef API (api.crossref.org) and arbitrary URLs found in the bibliography file to verify metadata and check link accessibility.
  • [COMMAND_EXECUTION]: The skill's documentation suggests a command using 'sudo' (sudo apt install libcurl4-openssl-dev) to resolve missing system dependencies, which may be executed by an agent encountering environment issues.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted bibliography data and includes it in a markdown report without sanitization.
  • Ingestion points: Data is read from a user-provided 'references.bib' file in Step 2.
  • Boundary markers: No delimiters or warnings are used to separate the processed data from the report structure.
  • Capability inventory: The skill possesses capabilities for file modification, bash execution, and network communication.
  • Sanitization: The script does not sanitize or escape BibTeX fields (e.g., title, author) before writing them to the 'validation-report.md' file.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 07:15 AM