sci-zotero
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes an external Python script located at
../../scripts/zotero.pyto perform library operations such as listing items and adding citations. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests bibliographic metadata from external sources.
- Ingestion points: Bibliographic data such as paper titles, abstracts, and author names fetched via DOI, ISBN, PMID lookups or from the Zotero API.
- Boundary markers: None identified; the skill does not provide instructions to the agent to treat data from these external sources as untrusted or to ignore embedded commands.
- Capability inventory: The skill can execute local scripts (
zotero.py) with arguments derived from user input or external data. - Sanitization: None identified; there is no mention of validation or sanitization of the data retrieved from external bibliographic databases.
Audit Metadata