npcpy-research-guide

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the 'npcpy' package from the standard Python package registry using 'pip install npcpy' to provide its core functionality.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection attack surface because it feeds untrusted external data (research papers and web search results) into an LLM.
  • Ingestion points: The skill processes external content via 'workflow.analyze_paper("paper.pdf")' and tool-based web searches within the 'Agent' class.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided examples.
  • Capability inventory: The skill enables LLM-driven analysis, tool execution (search, calculator), and file system writes ('report.save("review.md")').
  • Sanitization: The documentation shows no sanitization or validation of the content of processed PDFs or search results before it reaches the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 02:38 PM