zotero-gpt-guide
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The guide directs users to download a Zotero plugin (.xpi file) from a community GitHub repository. This is standard practice for Zotero extensions.
- [CREDENTIALS_UNSAFE]: The documentation follows security best practices by instructing users to manage sensitive API keys through system environment variables rather than hardcoding them.
- [PROMPT_INJECTION]: As the plugin is designed to process external research papers and annotations, it inherently possesses an indirect prompt injection surface. A malicious document could contain instructions intended to influence the AI's analysis, but the guide itself contains no such patterns.
- [NO_CODE]: The provided file contains only Markdown documentation and no executable scripts or commands.