academic-research-mapper
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the tinyfish CLI tool to perform browser automations for extracting search results from arXiv, Semantic Scholar, and Google Scholar. All command patterns are scoped to these legitimate research purposes.
- [EXTERNAL_DOWNLOADS]: The documentation instructs users to install the @tiny-fish/cli package from NPM. This is a vendor-owned resource provided by tinyfish-io to enable the skill's functionality.
- [PROMPT_INJECTION]: The skill processes research data (titles and abstracts) from external academic websites. This represents a potential surface for indirect prompt injection if a source contains malicious content. The skill mitigates this risk by providing the agent with strict extraction goals for structured JSON data.
Audit Metadata