deepxiv
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the deepxiv-sdk Python package. This is a vendor-owned dependency required for the skill to function when local scripts are unavailable.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute the deepxiv CLI and local Python adapter scripts (tools/deepxiv_fetch.py, tools/research_wiki.py). These commands incorporate user-supplied input from $ARGUMENTS, which requires careful handling by the agent to prevent shell command injection.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external academic papers. Malicious instructions embedded in a paper's text could attempt to manipulate the agent's behavior during summarization or documentation tasks.
- Ingestion points: Data enters the context from external academic papers via CLI stdout and script output (JSON/Text) in SKILL.md (Step 3).
- Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions found within the retrieved paper content.
- Capability inventory: The skill has access to the Bash, Read, and Write tools, including the ability to write to a local research-wiki/ directory.
- Sanitization: There is no explicit sanitization or filtering logic described for the content fetched from the DeepXiv service before it is presented to the user or saved to disk.
Audit Metadata