research-wiki

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Surface for indirect prompt injection via external data ingestion.
  • Ingestion points: Untrusted paper abstracts are retrieved from the arXiv API via the ingest subcommand and stored in the papers/ directory.
  • Boundary markers: The skill places raw abstracts inside markdown blockquote sections (## Abstract (original)), providing basic structural separation but no safety-specific instructions.
  • Capability inventory: The skill uses Bash(*), Write, Edit, and Agent tools (SKILL.md) to manage files and generate summaries.
  • Sanitization: No explicit sanitization of the retrieved abstract text is performed before it is added to the agent's context.
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with a local Python helper script (research_wiki.py). It includes logic to dynamically resolve the script path within the project repository or a fallback repository path ($ARIS_REPO). This is a standard pattern for project-integrated tools.
  • [EXTERNAL_DOWNLOADS]: The skill fetches paper metadata and abstracts from the arXiv API (a well-known research service) when an arXiv ID is provided to the ingest or sync subcommands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 01:26 AM
Security Audit — agent-trust-hub — research-wiki