zotero-scholar-guide
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE; PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill programmatically fetches research paper metadata, including titles and abstracts, from external academic APIs. If an attacker manages to place malicious instructions within the metadata of a paper on these platforms, those instructions would be imported into the user's Zotero library and potentially processed by the agent in future steps.
- Ingestion points: Data is ingested from api.crossref.org and export.arxiv.org within the add_paper_by_doi and add_arxiv_paper functions in SKILL.md.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious text within the imported metadata.
- Capability inventory: The skill has the ability to perform network write operations via the Zotero API and write data to local files using shell redirection.
- Sanitization: Only minor formatting (newline replacement) is performed on the ingested text; there is no validation for prompt injection patterns.
- [EXTERNAL_DOWNLOADS]: Fetches academic metadata. The skill uses curl and the Python requests library to fetch information from well-known academic services including Zotero, Crossref, and arXiv.
- [COMMAND_EXECUTION]: Shell Command Usage. The skill provides examples of using curl and shell redirection to interact with the Zotero API and save bibliographies to local files (e.g., > library.bib).