zenodo-api
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill requires a 'ZENODO_API_TOKEN' for authenticated operations. It follows security best practices by recommending the use of environment variables ('os.environ') rather than hardcoding sensitive credentials.
- [EXTERNAL_DOWNLOADS]: The skill provides examples for interacting with official Zenodo endpoints (zenodo.org) and refers to documentation from trusted sources like GitHub and DataCite. These are legitimate operations for the skill's stated purpose.
- [COMMAND_EXECUTION]: Provides standard curl command examples for interacting with a REST API. All commands target legitimate service domains and do not involve privilege escalation or suspicious shell operations.
- [INDIRECT_PROMPT_INJECTION]: As the skill is designed to fetch and process metadata from external research records, there is a theoretical surface for indirect prompt injection. However, this is inherent to any data-processing skill, and no exploitable capability chain was identified.
Audit Metadata