literature-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's documentation includes instructions to install the parallel-cli utility via curl -fsSL https://parallel.ai/install.sh | bash. This is a standard installation method for this tool, which is used for broad academic literature discovery.
  • [COMMAND_EXECUTION]: The scripts/generate_pdf.py file uses subprocess.run() to execute the pandoc system command. This execution is necessary for the skill's intended purpose of converting markdown documents into formatted PDF files.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to established academic infrastructure services such as PubMed, arXiv, bioRxiv, and CrossRef to retrieve research findings and verify citation metadata.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests untrusted data from academic search results. 1. Ingestion points: External data enters the context through parallel-cli search and various scholarly APIs. 2. Boundary markers: No specific delimiters or "ignore instructions" warnings are included in the synthesis workflow. 3. Capability inventory: The skill possesses capabilities for subprocess execution (scripts/generate_pdf.py), file writing, and network operations (scripts/verify_citations.py). 4. Sanitization: No content validation or escaping is applied to the retrieved paper content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — literature-review