claim-verification

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its requirement to process and semantically analyze untrusted external data. Ingestion points: Content from LaTeX manuscript files and research abstracts retrieved via the Zotero MCP server or the research-lookup skill from databases like Crossref and PubMed. Boundary markers: The skill instructions do not specify the use of delimiters or protective instructions when passing retrieved abstract content to the LLM for semantic matching. Capability inventory: The agent has capabilities to write to local report files, modify claim status fields in markdown files, and perform further network lookups. Sanitization: No evidence of sanitization, filtering, or validation is provided for the content of abstracts before they are analyzed by the model.
  • [COMMAND_EXECUTION]: The skill executes local scripts and hooks to verify the environment and validate document structure. Evidence: Execution of the check-zotero.sh script and reference to project hooks such as enforce-terms.sh and enforce-claims.py.
  • [EXTERNAL_DOWNLOADS]: The skill fetches metadata and abstracts from well-known and trusted research services. Evidence: Interactions with Zotero, Crossref, and PubMed through the Zotero MCP server and specialized helper skills.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — claim-verification