zotero-report
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted text from external sources and processes it through the agent for summarization and analysis.
- Ingestion points:
scripts/generate_report.pyfetches metadata (titles, abstracts) from the Zotero API and extracts text from downloaded PDF files viascripts/pdf_extractor.py. - Boundary markers: No delimiters or instructions are used to distinguish external content from agent instructions in the analysis pipeline described in Mode 1, Phase 2.
- Capability inventory: The skill uses
Bashto execute multiple scripts and hasWritepermissions to create Markdown and exported report files. - Sanitization: Content from papers is interpolated directly into templates (
templates/report_template.md) and passed to the agent without escaping or validation. - [COMMAND_EXECUTION]: The script
scripts/export_report.pyusessubprocess.runto execute system binariespandocandhwpx-convertto perform document format conversions. While it uses the list-based invocation method to mitigate shell injection, it operates on files based on arguments provided by the agent.
Audit Metadata