zotero-report

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted text from external sources and processes it through the agent for summarization and analysis.
  • Ingestion points: scripts/generate_report.py fetches metadata (titles, abstracts) from the Zotero API and extracts text from downloaded PDF files via scripts/pdf_extractor.py.
  • Boundary markers: No delimiters or instructions are used to distinguish external content from agent instructions in the analysis pipeline described in Mode 1, Phase 2.
  • Capability inventory: The skill uses Bash to execute multiple scripts and has Write permissions to create Markdown and exported report files.
  • Sanitization: Content from papers is interpolated directly into templates (templates/report_template.md) and passed to the agent without escaping or validation.
  • [COMMAND_EXECUTION]: The script scripts/export_report.py uses subprocess.run to execute system binaries pandoc and hwpx-convert to perform document format conversions. While it uses the list-based invocation method to mitigate shell injection, it operates on files based on arguments provided by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 02:48 PM
Security Audit — agent-trust-hub — zotero-report