papers-skill
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `httpx`, `arxiv`, and `PyMuPDF` packages from the official Python package registry (PyPI) to facilitate network requests and PDF processing.
- [COMMAND_EXECUTION]: The agent runs a bundled command-line interface script (`scripts/papers.py`) to orchestrate its search, metadata retrieval, and file handling capabilities.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes text from external academic papers without sanitization.
  - Ingestion points: The `read` subcommand in `scripts/papers.py` extracts text directly from local PDF files into the agent's context.
  - Boundary markers: There are no explicit delimiters or instruction-override warnings used to wrap the text extracted from PDFs.
  - Capability inventory: The skill possesses the ability to write to the file system (`download`), execute subprocesses (the bundled CLI), and perform network operations (API calls).
  - Sanitization: The extracted text is returned as a raw string without filtering for potential adversarial instructions hidden in the document content.
Audit Metadata