zotero-markdb-connect-guide
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading a Zotero plugin (.xpi file) from a GitHub repository. This is a standard and expected installation method for the described functionality.
- [DATA_EXPOSURE]: The documentation references local file system paths (e.g., Obsidian vault directories) as part of its configuration guide. This is necessary for the sync functionality and does not involve unauthorized access or exfiltration.
- [PROMPT_INJECTION]: The skill defines templates that ingest external data such as Zotero item metadata and PDF annotations. While this represents a surface for indirect prompt injection if the resulting Markdown is processed by other automated agents, the skill itself is a static guide and does not contain logic to autonomously execute or interpret this data.
Audit Metadata