alphaxiv
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches paper metadata and structured overviews from alphaxiv.org and arxiv.org. These external calls are expected as they are central to the skill's purpose of research assistance.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted content from the web and processes it without explicit isolation.
  1. Ingestion points: Untrusted data is retrieved from alphaxiv.org/api and arxiv.org/abs (SKILL.md).
  2. Boundary markers: The prompt template does not use delimiters or instructions to ignore potential commands embedded within the paper summaries.
  3. Capability inventory: The skill has access to WebFetch (network) and Write (filesystem) capabilities.
  4. Sanitization: There is no mention of sanitizing or validating the fetched external content before it is displayed or saved to the user's research notes.