discovery-skills
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill interacts with public academic research APIs including Semantic Scholar, OpenAlex, and CrossRef to retrieve publication metadata and citation counts. No access to sensitive local files, credentials, or unauthorized data exfiltration patterns were observed.
- [EXTERNAL_DOWNLOADS]: The skill references legitimate external resources, such as the community-curated 'Papers We Love' GitHub repository and research models (SPECTER2) from AllenAI. It also points to a Zotero plugin release on the author's official repository for extension functionality.
- [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection as the skill processes paper abstracts and metadata fetched from external research databases. This is documented as a functional surface for literature synthesis, where the ingested content is analyzed for research purposes without granting the data access to high-privilege command execution or sensitive operations.
Audit Metadata