using-riszotto

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the riszotto package from PyPI using the uv tool manager. This is a vendor-provided tool from the skill author.
  • [COMMAND_EXECUTION]: The skill relies on executing the riszotto CLI tool to perform its primary functions, such as searching and retrieving papers from the Zotero API.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from Zotero libraries, including paper titles, authors, and full-text content from PDFs.
      • Ingestion points: Bibliographic data retrieved via riszotto search, riszotto show, and riszotto export (referenced in SKILL.md).
      • Boundary markers: Absent. The instructions do not specify how to distinguish between legitimate bibliographic data and potential embedded instructions.
      • Capability inventory: The agent has the capability to execute shell commands via the riszotto tool.
      • Sanitization: Absent. No sanitization or validation of the retrieved content is performed before it is added to the agent's context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 04:11 PM
Security Audit — agent-trust-hub — using-riszotto